Prohibit the direct connection of [the unclassified national security system prohibited from directly connecting to an external network is defined;] to an external network without the use of [the boundary protection device required for a direct connection to an external network is defined;].
Supplemental
A direct connection is a dedicated physical or virtual connection between two or more systems. Organizations typically do not have complete control over external networks, including the Internet. Boundary protection devices (e.g., firewalls, gateways, and routers) mediate communications and information flows between unclassified national security systems and external networks.