CA-3(2): Classified National Security System Connections
Control Family:
Parent Control:
Baselines:
(Not part of any baseline)
Control is withdrawn in the next version of this control set and incorporated into: SC-7(26): Classified National Security System Connections.
Control Statement
The organization prohibits the direct connection of a classified, national security system to an external network without the use of [Assignment: organization-defined boundary protection device].
Supplemental Guidance
Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between classified national security systems and external networks. In addition, approved boundary protection devices (typically managed interface/cross-domain systems) provide information flow enforcement from information systems to external networks.