Navigate

CA-3 (2)

CA-3 (2): Classified National Security System Connections

The organization prohibits the direct connection of a classified, national security system to an external network without the use of [Assignment: organization-defined boundary protection device].

Supplemental

Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between classified national security systems and external networks. In addition, approved boundary protection devices (typically managed interface/cross-domain systems) provide information flow enforcement from information systems to external networks.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Classified, Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), Int-A, Int-B, Int-C

Related Controls

The controls below (if any) were marked by NIST as being related to CA-3 (2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of CA-3 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CA-3 (2).

CCI	Definition
CCI-000263	The organization prohibits the direct connection of a classified, national security system to an external network without the use of organization-defined boundary protection device.
CCI-002074	The organization defines the boundary protection device to be used for the direct connection of classified, national security system to an external network.