Navigate

SI-14(3)

SI-14(3): Non-persistent Connectivity

Establish connections to the system on demand and terminate connections after [one of "completion of a request"/"a period of non-use"].

Supplemental

Persistent connections to systems can provide advanced adversaries with paths to move laterally through systems and potentially position themselves closer to high value assets. Limiting the availability of such connections impedes the adversary’s ability to move freely through organizational systems.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-14(3).

Control	Description
SC-10	Terminate the network connection associated with a communications session at the end of the session or after [a time period of inactivity after which the system terminates a network connection associated with a communication session is defined;] of inactivity.

Enhancements

The controls below (if any) add on to the requirements of SI-14(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-14(3).

CCI	Definition
CCI-005016	Refresh connections to the system on demand.
CCI-005017	Terminate connections after completion of a request, or a period of non-use.