Navigate

CA-3 (3)

CA-3 (3): Unclassified Non-National Security System Connections

The organization prohibits the direct connection of an [Assignment: organization-defined unclassified, non-national security system] to an external network without the use of [Assignment; organization-defined boundary protection device].

Supplemental

Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between unclassified non-national security systems and external networks. This control enhancement is required for organizations processing, storing, or transmitting Controlled Unclassified Information (CUI).

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Privacy (High), Privacy (Low), Privacy (Mod), Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to CA-3 (3).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of CA-3 (3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CA-3 (3).

CCI	Definition
CCI-002075	The organization prohibits the direct connection of an organization-defined unclassified, non-national security system to an external network without the use of organization-defined boundary protection device.
CCI-002076	The organization defines the unclassified, non-national security system that is prohibited from directly connecting to an external network without the use of an organization-defined boundary protection device.
CCI-002077	The organization defines the boundary protection device to be used to directly connect an organization-defined unclassified, non-national security system to an external network.