
SC-7 (4)

System and Communications Protection · Rev 5 · organization

Boundary Protection

Baselines: Moderate, High

Control Statement

(a) Implement a managed interface for each external telecommunication service;
(b) Establish a traffic flow policy for each managed interface;
(c) Protect the confidentiality and integrity of the information being transmitted across each interface;
(d) Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;
(e) Review exceptions to the traffic flow policy [Assignment: frequency] and remove exceptions that are no longer supported by an explicit mission or business need;
(f) Prevent unauthorized exchange of control plane traffic with external networks;
(g) Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and
(h) Filter unauthorized control plane traffic from external networks.

Supplemental Guidance

External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include Border Gateway Protocol (BGP) routing, Domain Name System (DNS), and management protocols. See [SP 800-189](#f5edfe51-d1f2-422e-9b27-5d0e90b49c72) for additional information on the use of the resource public key infrastructure (RPKI) to protect BGP routes and detect unauthorized BGP announcements.

Related Controls (5)

AC-3, SC-8, SC-20, SC-21, SC-22

CCI Identifiers (11)

CCI-004871: Filter unauthorized control plane traffic from external networks.
CCI-001102: Implement a managed interface for each external telecommunication service.
CCI-001103: Establish a traffic flow policy for each managed interface for each external telecommunication service.
CCI-001104: The organization employs security controls as needed to protect the confidentiality and integrity of the information being transmitted.
CCI-001105: Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need.
CCI-001106: Review exceptions to the traffic flow policy on an organization-defined frequency for each external telecommunication service.
CCI-001107: Defines a frequency for the review of exceptions to the traffic flow policy for each external telecommunication service.
CCI-001108: Remove traffic flow policy exceptions that are no longer supported by an explicit mission or business need for each external telecommunication service.

Linked STIG Checks (11)

Across 2 STIGs.

CCI-004869: Prevent unauthorized exchange of control plane traffic with external networks.
CCI-004870: Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks.
CCI-002396: Protect the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.