STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SC-31

System and Communications ProtectionRev 5organization

Covert Channel Analysis

Control Statement

a. Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert [Selection: organization-defined value] channels; and b. Estimate the maximum bandwidth of those channels.

Supplemental Guidance

Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, such as in the case of systems that contain export-controlled information and have connections to external networks (i.e., networks that are not controlled by organizations). Covert channel analysis is also useful for multilevel secure systems, multiple security level systems, and cross-domain systems.

Related Controls (4)

AC-3AC-4SA-8SI-11

CCI Identifiers (3)

CCI-001206The organization requires that information system developers/integrators perform a covert channel analysis to identify those aspects of system communication that are potential avenues for covert storage and timing channels.CCI-002498Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert storage and/or timing channels.CCI-002499Estimate the maximum bandwidth of the covert storage and timing channels.

Linked STIG Checks (0)

No STIG checks reference this control.