Navigate

CCI-002395

CCI-002395 Definition

The information system implements subnetworks for publicly accessible system components that are physically and/or logically separated from internal organizational networks.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed designs the information system to leverage subnetworks so that publicly accessible system components are physically and/or logically separated from internal organizational networks.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines network topology diagrams, architecture documentation, or any other documentation identifying component partitioning to ensure the organization being inspected/assessed implements subnetworks for publicly accessible system components that are physically and/or logically separated from internal organizational networks.

Compelling Evidence

1.) Current network topology diagrams. 2.) Architecture documentation or relevant documentation for identifying component partitioning.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002395.

Control	Description
SC-7	The information system: SC-7a.: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; SC-7b.: Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and SC-7c.: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Control

Description

SC-7

The information system:

SC-7a.: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system;

SC-7b.: Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and

SC-7c.: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.