An error occurred:

© 2024 Xylok, LLC

Version: v2024.12.1-0560-0560

Navigate

SC-7(4)

SC-7(4): External Telecommunications Services

The organization:

(a): Implements a managed interface for each external telecommunication service;

(b): Establishes a traffic flow policy for each managed interface;

(c): Protects the confidentiality and integrity of the information being transmitted across each interface;

(d): Documents each exception to the traffic flow policy with a supporting mission/business need and duration of that need; and

(e): Reviews exceptions to the traffic flow policy [organization-defined frequency] and removes exceptions that are no longer supported by an explicit mission/business need.

Supplemental

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-7(4).

Control	Description
SC-8	The information system protects the [one or more of confidentiality/integrity] of transmitted information.

Enhancements

The controls below (if any) add on to the requirements of SC-7(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-7(4).

CCI	Definition
CCI-001102	Implement a managed interface for each external telecommunication service.
CCI-001103	Establish a traffic flow policy for each managed interface for each external telecommunication service.
CCI-001105	Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need.
CCI-001106	Review exceptions to the traffic flow policy on an organization-defined frequency for each external telecommunication service.
CCI-001107	Defines a frequency for the review of exceptions to the traffic flow policy for each external telecommunication service.
CCI-001108	Remove traffic flow policy exceptions that are no longer supported by an explicit mission or business need for each external telecommunication service.
CCI-002396	Protect the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.