This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization prohibits the direct connection of an [Assignment: organization-defined unclassified, non-national security system] to an external network without the use of [FedRAMP Assignment: (M)(H) Boundary Protections which meet the Trusted Internet Connection (TIC) requirements].
CA-3 (3) Additional FedRAMP Requirements and Guidance: Refer to Appendix H – Cloud Considerations of the TIC 2.0 Reference Architecture document.
NIST 800-53 (r4) Supplemental Guidance:
Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between unclassified non-national security systems and external networks. This control enhancement is required for organizations processing, storing, or transmitting Controlled Unclassified Information (CUI).
NIST 800-53 (r5) Discussion:
Withdrawn: Moved to SC-7(27).
38North Guidance:
Meets Minimum Requirement:
Prohibits the direct connection of an unclassified, non-national security system to an external network that does not meet the Trusted Internet Connection (TIC) requirements.
Best Practice:
None.
Unofficial FedRAMP Guidance:
Refer to Appendix H – Cloud Considerations of the TIC 2.0 Reference Architecture document, available at https://www.cisa.gov/tic-guidance
Assessment Evidence:
Evidence to show how the system prohibits the direct connection of an organization-defined unclassified, non-national security system to an external network without the use of an organization-defined boundary protection device.
CSP Implementation Tips:
None.