SC-7(9): Restrict Threatening Outgoing Communications Traffic
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SC-7(9): Restrict Threatening Outgoing Communications Traffic
Control Statement
The information system:
- Detects and denies outgoing communications traffic posing a threat to external information systems; and
- Audits the identity of internal users associated with denied communications.
Supplemental Guidance
Detecting outgoing communications traffic from internal actions that may pose threats to external information systems is sometimes termed extrusion detection. Extrusion detection at information system boundaries as part of managed interfaces includes the analysis of incoming and outgoing communications traffic searching for indications of internal threats to the security of external systems. Such threats include, for example, traffic indicative of denial of service attacks and traffic containing malicious code.