Navigate

CCI-002395

CCI-002395 Definition

Implement subnetworks for publicly accessible system components that are physically and/or logically separated from internal organizational networks.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if subnetworks for publicly accessible system components are [SC-07_ODP; one of the following PARAMETER VALUES is selected: {physically; logically}] separated from internal Organizational networks.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing boundary protection; list of key internal boundaries of the system; system design documentation; boundary protection hardware and software; system configuration settings and associated documentation; enterprise security architecture documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with boundary protection responsibilities]. Test: [SELECT FROM: Mechanisms implementing boundary protection capabilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002395.

Control	Description
SC-7	a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system; b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.

Control

Description

SC-7

a: Monitor and control communications at the external managed interfaces to the system and at key internal managed interfaces within the system;

b: Implement subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and

c: Connect to external networks or systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security and privacy architecture.