Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family SC

SC-31Covert Channel Analysis

Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert {{ insert: param, sc-31_odp }} channels; and Estimate the maximum bandwidth of those channels.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (11)

Weaknesses this control addresses (3)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-203Observable Discrepancy836Observable discrepancies in system behavior can be modulated to create covert storage or timing channels; the required analysis detects and constrains such avenues.
CWE-208Observable Timing Discrepancy121Observable timing discrepancies are a primary mechanism for constructing covert timing channels; analysis identifies and bounds them, limiting exploitation.
CWE-385Covert Timing Channel39Directly targets covert timing channels by requiring identification and bandwidth estimation, enabling mitigation that reduces or eliminates their usability.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2024-497341.67.50.0130good
CVE-2026-235192.09.80.0003good
CVE-2024-139391.57.50.0022good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-28 SC-29 SC-3 SC-30 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9