STIGhub
STIGs
RMF Controls
Compare
← SC-7 (14) — Boundary Protection
CCI-001121
Definition
Protect against unauthorized physical connections at organization-defined managed interfaces.
Parent Control
SC-7 (14)
Boundary Protection
System and Communications Protection
Linked STIG Checks (6)
V-251333
CAT I
Written mission justification approval must be obtained from the Office of the DoD CIO prior to establishing a direct connection to the Internet via commercial service provider outside DoD CIO approved Internet access points (e.g. DISA IAP, Cloud Access Point, NIPRnet Federated Gateway, DREN IAP, etc.).
Network Infrastructure Policy Security Technical Implementation Guide
V-251334
CAT III
The connection between the Channel Service Unit/Data Service Unit (CSU/DSU) and the Local Exchange Carriers (LEC) data service jack (i.e., demarc) as well as any service provider premise equipment must be located in a secure environment.
Network Infrastructure Policy Security Technical Implementation Guide
V-251354
CAT II
All external connections must be validated and approved by the Authorizing Official (AO) and the Connection Approval Office (CAO) and meeting Connection Approval Process (CAP) requirements.
Network Infrastructure Policy Security Technical Implementation Guide
V-251355
CAT II
Prior to having external connection provisioned between enclaves, a Memorandum of Agreement (MOA) or Memorandum of Understanding (MOU) must be established.
Network Infrastructure Policy Security Technical Implementation Guide
V-251356
CAT II
External connections to the network must be reviewed and the documentation updated semi-annually.
Network Infrastructure Policy Security Technical Implementation Guide
V-251357
CAT II
If the site has a non-DoD external connection (i.e. Approved Gateway), an Intrusion Detection and Prevention System (IDPS) must be located between the sites Approved Gateway and the perimeter router.
Network Infrastructure Policy Security Technical Implementation Guide