CA-3(2): Classified National Security System Connections

CSF v1.1 References:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: SC-7(26): Classified National Security System Connections.

Control Statement

The organization prohibits the direct connection of a classified, national security system to an external network without the use of [Assignment: organization-defined boundary protection device].

Supplemental Guidance

Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between classified national security systems and external networks. In addition, approved boundary protection devices (typically managed interface/cross-domain systems) provide information flow enforcement from information systems to external networks.