|SC-31 (2) Maximum Bandwidth || |
Information system developers are in the best position to reduce the maximum bandwidth for identified covert storage and timing channels.
The organization reduces the maximum bandwidth for identified covert Selection (one or more); storage; timing channels to Assignment: organization-defined values.
|SC-31 (3) Measure Bandwidth In Operational Environments || |
This control enhancement addresses covert channel bandwidth in operational environments versus developmental environments. Measuring covert channel bandwidth in operational environments helps organizations to determine how much information can be covertly leaked before such leakage adversely affects organizational missions/business functions. Covert channel bandwidth may be significantly different when measured in those settings that are independent of the particular environments of operation (e.g., laboratories or development environments).
The organization measures the bandwidth of Assignment: organization-defined subset of identified covert channels in the operational environment of the information system.