Navigate

CCI-001097

CCI-001097 Definition

Monitor and control communications at the external managed interfaces to the system and at key managed interfaces within the system.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements processes to monitor and control communications at the external boundary of the system and at key internal boundaries within the system. The organization must maintain an audit trail of monitoring activities.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of monitoring activities to ensure the organization being inspected/assessed monitors and controls communications at the external boundary of the system and at key internal boundaries within the system.

Compelling Evidence

1.) Current Network diagram. 2.) Applicable firewall rule set. 3.) Applicable firewall logs.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001097.

Control	Description
SC-7	The information system: a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b: Implements subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Control

Description

SC-7

The information system:

a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system;

b: Implements subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and

c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.