NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-8(4) Conceal or Randomize Communications

Implement cryptographic mechanisms to conceal or randomize communication patterns unless otherwise protected by [Assignment: organization-defined alternative physical controls].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Supplemental Guidance

Concealing or randomizing communication patterns addresses protection from unauthorized disclosure of information. Communication patterns include frequency, periods, predictability, and amount. Changes to communications patterns can reveal information with intelligence value, especially when combined with other available information related to the mission and business functions of the organization. Concealing or randomizing communications prevents the derivation of intelligence based on communications patterns and applies to both internal and external networks or links that may be visible to individuals who are not authorized users. Encrypting the links and transmitting in continuous, fixed, or random patterns prevents the derivation of intelligence from the system communications patterns. Alternative physical controls include protected distribution systems.

Practitioner Notes

Conceal or randomize communication patterns to make it harder for an adversary to perform traffic analysis — figuring out what you are doing based on when and how much you communicate.

Example 1: Use traffic padding on your VPN tunnels to maintain a constant traffic volume. Whether your users are busy or idle, the tunnel sends the same amount of encrypted data, making it impossible for observers to infer activity levels from traffic volume.

Example 2: Randomize the timing of automated processes like backup transfers, patch downloads, and SIEM log forwarding. Instead of running backups at exactly 2:00 AM every night (a predictable pattern), add a random delay of 0-60 minutes.
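The constant-volume padding in Example 1 can be sketched as a fixed-size cell scheduler. This is an added illustration, not part of the control text or of any VPN product: the 512-byte cell size, the 2-byte length header, and the names `ConstantRateSender`, `receive`, `observer_view` and `run` are assumptions, and the cells are assumed to travel inside an already encrypted tunnel so that the header and padding are not visible on the wire.

```python
import os
import struct

CELL_SIZE = 512                      # assumed fixed cell size in bytes
HEADER = struct.Struct("!H")         # length of real payload carried in the cell
CAPACITY = CELL_SIZE - HEADER.size   # real bytes that fit in one cell

class ConstantRateSender:
    """Emits exactly one CELL_SIZE cell per tick: real data if queued, cover otherwise."""
    def __init__(self):
        self._queue = bytearray()

    def submit(self, data: bytes) -> None:
        self._queue += data          # bursts wait here; the cost of padding is latency

    def tick(self) -> bytes:
        chunk = bytes(self._queue[:CAPACITY])
        del self._queue[:CAPACITY]
        padding = os.urandom(CAPACITY - len(chunk))   # a full cover cell when idle
        return HEADER.pack(len(chunk)) + chunk + padding

def receive(cells) -> bytes:
    """Tunnel endpoint: strip padding and cover cells, reject malformed cells."""
    out = bytearray()
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell has wrong size")
        (n,) = HEADER.unpack_from(cell)
        if n > CAPACITY:
            raise ValueError("length field exceeds cell capacity")
        out += cell[HEADER.size:HEADER.size + n]
    return bytes(out)

def observer_view(cells):
    """What an on-path observer learns once the cells are encrypted: sizes per tick."""
    return [len(c) for c in cells]

def run(traffic: dict, ticks: int):
    """traffic maps tick number -> bytes submitted at that tick (constructed input)."""
    sender, cells = ConstantRateSender(), []
    for t in range(ticks):
        if t in traffic:
            sender.submit(traffic[t])
        cells.append(sender.tick())
    return cells

if __name__ == "__main__":
    busy = run({0: b"A" * 1500, 3: b"hello"}, ticks=8)   # constructed busy period
    idle = run({}, ticks=8)                               # constructed idle period
    print(observer_view(busy) == observer_view(idle))
```

The busy and idle runs produce the same sequence of cell sizes, which is the property an assessor would check for when padding is claimed as the SC-8(4) mechanism.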