SC-26

  • Requirement

    Include components within organizational systems specifically designed to be the target of malicious attacks for detecting, deflecting, and analyzing such attacks.

  • Discussion

    Decoys (i.e., honeypots, honeynets, or deception nets) are established to attract adversaries and deflect attacks away from the operational systems that support organizational mission and business functions. Use of decoys requires some supporting isolation measures to ensure that any deflected malicious code does not infect organizational systems. Depending on the specific usage of the decoy, consultation with the Office of the General Counsel before deployment may be needed.

More Info

  • Title

    Decoys
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      RA-5;SC-7;SC-30;SC-35;SC-44;SI-3;SI-4

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!