NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-16(2) — Anti-spoofing Mechanisms
Implement anti-spoofing mechanisms to prevent adversaries from falsifying the security attributes indicating the successful application of the security process.
Supplemental Guidance
Some attack vectors operate by altering the security attributes of an information system to intentionally and maliciously implement an insufficient level of security within the system. The alteration of attributes leads organizations to believe that a greater number of security functions are in place and operational than have actually been implemented.
Practitioner Notes
Implement anti-spoofing mechanisms for security attributes to prevent an attacker from downgrading or removing classification labels to bypass access controls.
Example 1: Configure your data classification tool to prevent users from removing or downgrading sensitivity labels without justification and approval. In Microsoft Purview, enable "require justification for label downgrade" so users must explain why they are reducing a document's sensitivity.
Example 2: On your mail gateway, reject inbound emails that claim a lower classification than the content warrants. Use content inspection rules that flag messages containing classified keywords but carrying unclassified labels.
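The content-inspection rule from Example 2, sketched in Python as an added example (not part of the NIST text or of any gateway product's own rule language). The X-Classification header name, the three-level label scheme and the banner patterns are assumptions, and rejecting messages whose label is missing or conflicting is a design choice made here.

```python
import base64
import re
from email import message_from_string

LABEL_HEADER = "X-Classification"  # assumed header name, not from the page
RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}  # assumed scheme
# Assumed banner markings; a real rule set comes from your classification guide.
MARKINGS = [(re.compile(r"\bCONFIDENTIAL//"), "CONFIDENTIAL"),
            (re.compile(r"\bSECRET//"), "SECRET")]


def visible_text(msg):
    """Subject plus every text part, with base64/quoted-printable decoded."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_message(raw):
    """Return (verdict, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    labels = {v.strip().upper() for v in msg.get_all(LABEL_HEADER, [])}
    # Fail closed: an absent, unknown or conflicting label cannot be trusted.
    if len(labels) != 1 or not labels.issubset(RANK):
        return ("reject", "label missing, unknown or conflicting")
    label = labels.pop()
    found = [lvl for pat, lvl in MARKINGS if pat.search(visible_text(msg))]
    highest = max(found, key=RANK.get, default="UNCLASSIFIED")
    if RANK[highest] > RANK[label]:
        return ("reject", f"content marked {highest}, label says {label}")
    return ("accept", f"label {label} consistent with content")


# Constructed sample messages (not real traffic).
_B64 = base64.b64encode(b"SECRET//EXAMPLE site survey attached").decode()
SAMPLES = {
    "honest": "X-Classification: SECRET\nSubject: survey\n\nSECRET//EXAMPLE notes\n",
    "downgraded": "X-Classification: UNCLASSIFIED\nSubject: lunch\n\nSECRET//EXAMPLE notes\n",
    "encoded": f"X-Classification: UNCLASSIFIED\nContent-Transfer-Encoding: base64\n\n{_B64}\n",
    "stripped": "Subject: notes\n\nnothing marked here\n",
    "conflict": "X-Classification: SECRET\nX-Classification: UNCLASSIFIED\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

The "encoded" sample is the case a naive keyword match on the raw message misses: the banner only appears after the transfer encoding is decoded.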