SC-7(4): External Telecommunications Services

CSF v1.1 References:

Baselines:

  • Moderate
  • High

Previous Version:

Control Statement

  1. Implement a managed interface for each external telecommunication service;
  2. Establish a traffic flow policy for each managed interface;
  3. Protect the confidentiality and integrity of the information being transmitted across each interface;
  4. Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;
  5. Review exceptions to the traffic flow policy [Assignment: organization-defined frequency] and remove exceptions that are no longer supported by an explicit mission or business need;
  6. Prevent unauthorized exchange of control plane traffic with external networks;
  7. Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and
  8. Filter unauthorized control plane traffic from external networks.

Supplemental Guidance

External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include routing, Domain Name System (DNS), and management. Unauthorized control plane traffic can occur through a technique known as "spoofing."