NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-10(4) Timing Interactions

Account for timing interactions among system components in determining appropriate responses for invalid inputs.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

In addressing invalid system inputs received across protocol interfaces, timing interactions become relevant, where one protocol needs to consider the impact of the error response on other protocols in the protocol stack. For example, 802.11 standard wireless network protocols do not interact well with Transmission Control Protocols (TCP) when packets are dropped (which could be due to invalid packet input). TCP assumes packet losses are due to congestion, while packets lost over 802.11 links are typically dropped due to noise or collisions on the link. If TCP makes a congestion response, it takes the wrong action in response to a collision event. Adversaries may be able to use what appear to be acceptable individual behaviors of the protocols in concert to achieve adverse effects through suitable construction of invalid input. The invalid inputs are those related to the information inputs defined by the organization in the base control ([SI-10](#si-10)).

Practitioner Notes

Account for timing interactions in input validation — ensure that the order and timing of inputs cannot be manipulated to bypass validation checks.

Example 1: Implement CSRF (Cross-Site Request Forgery) tokens in your web applications. Each form submission includes a unique, time-limited token that prevents attackers from replaying form submissions or manipulating their timing.

Example 2: Use sequence validation in multi-step forms. The system verifies that Step 2 data only arrives after Step 1 is completed, preventing attackers from skipping validation steps by submitting directly to later stages.
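The two practitioner examples above can be enforced together on the server. The following is an added illustration, not part of the NIST control text or of any particular framework: a step gate that accepts step N only with a signed, time-limited, single-use token and only after step N-1 has completed. The `StepGate` class, the `SECRET` key, the `TOKEN_TTL` value and the token layout are all assumptions made for this sketch.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed value; load from a secret store in practice
TOKEN_TTL = 300                   # assumed lifetime of a step token, in seconds


class StepGate:
    """Accept step N only with a fresh token and only after step N-1 completed."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.completed = {}  # session_id -> highest step completed so far
        self.used = set()    # tokens already redeemed (blocks replay)

    def _mac(self, session_id, step, issued):
        # Bind the token to the session, the step and the issue time.
        msg = f"{session_id}|{step}|{issued}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, step):
        """Return a token to embed in the form for `step` of this session."""
        issued = int(self.clock())
        return f"{step}.{issued}.{self._mac(session_id, step, issued)}"

    def submit(self, session_id, step, token):
        """Check signature, step, freshness, reuse and order; return (ok, reason)."""
        try:
            t_step, t_issued, t_mac = token.split(".")
            t_step, t_issued = int(t_step), int(t_issued)
        except ValueError:
            return False, "malformed"
        expected = self._mac(session_id, t_step, t_issued)
        if not hmac.compare_digest(t_mac.encode(), expected.encode()):
            return False, "bad-signature"
        if t_step != step:
            return False, "wrong-step"
        if self.clock() - t_issued > TOKEN_TTL:
            return False, "expired"
        if token in self.used:
            return False, "replayed"
        # The order check uses server-side state, so a validly signed
        # token for a later step is still rejected if earlier steps are missing.
        if self.completed.get(session_id, 0) != step - 1:
            return False, "out-of-order"
        self.used.add(token)
        self.completed[session_id] = step
        return True, "ok"
```

Each rejection reason maps to a distinct log event, which lets monitoring distinguish expired sessions from out-of-order or replayed submissions.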