NIST 800-172_3.13.3e

NIST 800-172

3.13 SYSTEM AND COMMUNICATIONS PROTECTION

3.13.3e

Employ [Assignment: organization-defined technical and procedural means] to confuse and mislead adversaries.

There are many techniques and approaches that can be used to confuse and mislead adversaries, including misdirection, tainting, disinformation, or a combination thereof. Deception is used to confuse and mislead adversaries regarding the information that the adversaries use for decision-making, the value and authenticity of the information that the adversaries attempt to exfiltrate, or the environment in which the adversaries desire or need to operate. Such actions can impede the adversary’s ability to conduct meaningful reconnaissance of the targeted organization, delay or degrade an adversary’s ability to move laterally through a system or from one system to another system, divert the adversary away from systems or system components containing CUI, and increase observability of the adversary to the defender—revealing the presence of the adversary along with its TTPs.

Misdirection can be achieved through deception environments (e.g., deception nets), which provide virtual sandboxes into which malicious code can be diverted and adversary TTP can be safely examined.

Tainting involves embedding data or information in an organizational system or system component which the organization desires adversaries to exfiltrate. Tainting allows organizations to determine that information has been exfiltrated or improperly removed from the organization and potentially provides the organization with information regarding the nature of exfiltration or adversary locations.

Disinformation can be achieved by making false information intentionally available to adversaries regarding the state of the system or type of organizational defenses. Any disinformation activity is coordinated with the associated federal agency requiring such activity and should include a plan to limit incidental exposure of the false CUI to authorized users. Disinformation can be employed both tactically (e.g., making available false credentials that the defender can use to track adversary actions) and strategically (e.g., interspersing false CUI with actual CUI, interfering with an adversary’s re-use, reverse engineering, and exploitation of legitimate CUI, thus undermining the adversary’s confidence in the value of the exfiltrated information and subsequently causing them to limit such exfiltration).

[SP 800-160-2] provides guidance on developing cyber resilient systems and system components.
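The tainting technique described above can be sketched from the defender's side as follows. This is an added example, not part of NIST SP 800-172 or of this page's original text. The key, the decoy locations, the `REF-` marker format and the egress log layout are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed for this example: key, decoy locations and log format are assumptions.
TAINT_KEY = b"example-only-key"
DECOYS = ["fileshare01:/eng/decoy-specs.docx", "sharepoint:/contracts/decoy-pricing.xlsx"]
MARKER_RE = re.compile(r"REF-[0-9a-f]{16}")
FIELD_RE = re.compile(r"(src|dst)=(\S+)")


def taint_marker(location: str) -> str:
    """Derive an unguessable marker that is unique to one decoy location."""
    digest = hmac.new(TAINT_KEY, location.encode(), hashlib.sha256).hexdigest()
    return "REF-" + digest[:16]


def build_index(locations):
    """Map each marker back to the decoy it was planted in."""
    return {taint_marker(loc): loc for loc in locations}


def find_exfiltration(log_lines, index):
    """Return one finding per planted marker seen in egress records."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        fields = dict(FIELD_RE.findall(line))
        for marker in MARKER_RE.findall(line):
            location = index.get(marker)
            if location is None:
                continue  # marker-shaped string that was never planted
            findings.append({"line": line_no, "decoy": location,
                             "src": fields.get("src"), "dst": fields.get("dst")})
    return findings


def sample_egress_log():
    """Constructed egress records; one carries a planted marker, one a look-alike."""
    planted = taint_marker(DECOYS[1])
    return [
        'ts=2024-05-01T10:02:11Z src=10.0.4.17 dst=198.51.100.20 body="weekly status report"',
        f'ts=2024-05-01T10:07:45Z src=10.0.4.17 dst=203.0.113.50 body="pricing sheet {planted} rev B"',
        'ts=2024-05-01T10:09:02Z src=10.0.9.3 dst=198.51.100.20 body="ticket REF-0000000000000000"',
    ]


if __name__ == "__main__":
    for finding in find_exfiltration(sample_egress_log(), build_index(DECOYS)):
        print(finding)
```

Because each marker is keyed to one decoy location, a hit identifies which planted item left the organization as well as the internal source and external destination recorded for the transfer.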

 
