SC-7(25): Unclassified National Security System Connections

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: CA-3(1): Unclassified National Security System Connections.

Control Statement

Prohibit the direct connection of [Assignment: organization-defined unclassified national security system] to an external network without the use of [Assignment: organization-defined boundary protection device].

Supplemental Guidance

A direct connection is a dedicated physical or virtual connection between two or more systems. Organizations typically do not have complete control over external networks, including the Internet. Boundary protection devices (e.g., firewalls, gateways, and routers) mediate communications and information flows between unclassified national security systems and external networks.