NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-30(4) Misleading Information

Employ realistic, but misleading information in [Assignment: organization-defined system components] about its security state or posture.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Employing misleading information is intended to confuse potential adversaries regarding the nature and extent of controls deployed by organizations. Thus, adversaries may employ incorrect and ineffective attack techniques. One technique for misleading adversaries is for organizations to place misleading information regarding the specific controls deployed in external systems that are known to be targeted by adversaries. Another technique is the use of deception nets that mimic actual aspects of organizational systems but use, for example, out-of-date software configurations.

Practitioner Notes

Plant misleading information that leads attackers down wrong paths or reveals their presence when they act on the false intelligence.

Example 1: Create fake administrator accounts in Active Directory with enticing names like "backup_admin" or "svc_sql_prod." These accounts are never used legitimately. Any authentication attempt triggers an immediate high-priority alert in your SIEM.
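One way to implement the alerting in Example 1, as an added example that is not part of the original page: it scans exported Windows Security events for any authentication activity that names a decoy account, including domain-prefixed and UPN forms of the name. The JSON-lines export layout and the sample records are assumptions constructed for illustration.

```python
import json

# Decoy account names taken from the text; they are never used legitimately.
DECOY_ACCOUNTS = {"backup_admin", "svc_sql_prod"}

# Windows Security event IDs that record authentication activity.
AUTH_EVENT_IDS = {
    4624: "logon success",
    4625: "logon failure",
    4768: "Kerberos TGT requested",
    4769: "Kerberos service ticket requested",
    4771: "Kerberos pre-authentication failed",
    4776: "NTLM credential validation",
}

def normalize_account(name):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare name."""
    name = str(name or "").strip().lower().rsplit("\\", 1)[-1]
    return name.split("@", 1)[0]

def detect_decoy_auth(lines):
    """Return one high-priority alert per auth event naming a decoy account."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
            account = normalize_account(event["TargetUserName"])
            activity = AUTH_EVENT_IDS.get(event["EventID"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records, keep scanning
        if activity and account in DECOY_ACCOUNTS:
            alerts.append({
                "severity": "high", "account": account, "activity": activity,
                "source": event.get("IpAddress") or event.get("Workstation") or "unknown",
                "time": event.get("TimeCreated"),
            })
    return alerts

# Constructed sample records (not real logs); the JSON layout is an assumption.
SAMPLE_EVENTS = [
    r'{"TimeCreated":"2024-05-01T02:14:07Z","EventID":4625,"TargetUserName":"CORP\\backup_admin","IpAddress":"10.0.5.23"}',
    r'{"TimeCreated":"2024-05-01T02:14:09Z","EventID":4624,"TargetUserName":"jsmith","IpAddress":"10.0.7.11"}',
    r'{"TimeCreated":"2024-05-01T02:15:31Z","EventID":4768,"TargetUserName":"SVC_SQL_PROD@CORP.EXAMPLE","IpAddress":"10.0.5.23"}',
    r'{"TimeCreated":"2024-05-01T02:16:02Z","EventID":4776,"TargetUserName":"svc_sql_prod","Workstation":"WS-114"}',
    r'{"TimeCreated":"2024-05-01T02:16:40Z","EventID":4625,"TargetUserName":"backup_admin2","IpAddress":"10.0.5.23"}',
    'truncated record {"EventID":',
]

if __name__ == "__main__":
    print(*detect_decoy_auth(SAMPLE_EVENTS), sep="\n")
```

Matching is exact on the normalized name, so the near-miss `backup_admin2` and the legitimate `jsmith` logon raise nothing, while the failed logon, the Kerberos request and the NTLM validation against the decoys each produce an alert.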

Example 2: Place fake network diagrams and password files in decoy file shares. If an attacker finds and uses this information, they waste time on non-existent systems while your monitoring detects their activity through the honey tokens embedded in the fake documents.