SC-7(4)

  • Requirement

    1. Implement a managed interface for each external telecommunication service;
    2. Establish a traffic flow policy for each managed interface;
    3. Protect the confidentiality and integrity of the information being transmitted across each interface;
    4. Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;
    5. Review exceptions to the traffic flow policy [Assignment: organization-defined frequency] and remove exceptions that are no longer supported by an explicit mission or business need;
    6. Prevent unauthorized exchange of control plane traffic with external networks;
    7. Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and
    8. Filter unauthorized control plane traffic from external networks.
  • Discussion

    External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include Border Gateway Protocol (BGP) routing, Domain Name System (DNS), and management protocols. See SP 800-189 for additional information on the use of the resource public key infrastructure (RPKI) to protect BGP routes and detect unauthorized BGP announcements.

More Info

  • Title

    Boundary Protection | External Telecommunications Services
  • Family

    System and Communications Protection
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

    AC-3;SC-8;SC-20;SC-21;SC-22

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!