CCI-001098

Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Implementation Guidance

The organization being inspected/assessed designs the information system to enforce requirements that components connect to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines network topology diagrams, architecture documentation, or any other documentation identifying component connectivity to ensure the organization being inspected/assessed connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Compelling Evidence

1.) Current network topology diagrams. 2.) Architecture documentation or relevant documentation for identifying component connectivity.

The controls below (if any) were marked by NIST as being related to CCI-001098.