
Manage all external network connections.


CONTROL ID: 11842
CONTROL TYPE: Technical Security
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Identify and control all network access controls., CC ID: 00529

This Control has the following implementation support Control(s):
  • Route outbound Internet traffic through a proxy server that supports decrypting network traffic., CC ID: 12116
  • Prohibit systems from connecting directly to external networks., CC ID: 08709
  • Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ)., CC ID: 16360


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • AIs should establish a secure Internet infrastructure (including the design of the demilitarized zone and configuration of the relevant devices, as well as intrusion detection controls) to support their Internet banking system. Moreover, AIs should implement adequate security measures for the intern… (§ 5.2.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • AIs should establish a secure Internet infrastructure (including the design of the demilitarized zone and configuration of the relevant devices, as well as intrusion detection controls) to support their Internet banking system. Moreover, AIs should implement adequate security measures for the intern… (§ 5.2.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • O56: The organization shall establish methods of operational management for external connections. O56.1: To perform the operational management of connections, for network data transfers, the organization shall establish a method by which the identities of the terminal and connect-to party can be det… (O56, O56.1, O56.2, O56.3(2), O56.3(4), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • It is recommended that network devices connected to external networks (the Internet, public network, etc.) be properly managed by monitoring them. (P42.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • In the case of connecting through open networks, such as connections by use of the Internet or remote access through public lines, where it is highly possible for a number of unspecified persons to invade the company systems, it is necessary to establish operational management methods for connection… (P34.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Connect to external WiFi access points carefully and secure communications, e.g. by using Virtual Private Networks (VPN). (Annex A2: Portable Computing & Removable Storage Media Security 21, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • The organization should ensure web browsing from a mobile device is accomplished through the Internet gateway instead of a direct Internet connection. (Control: 0874, Australian Government Information Security Manual: Controls)
  • Have computers that do not need to connect to the Internet been prevented from initiating connections to the Internet (Default deny)? (Firewalls Question 7, Cyber Essentials Scheme (CES) Questionnaire, Versions 3.3)
  • Financial entities shall identify and document all processes that are dependent on ICT third-party service providers, and shall identify interconnections with ICT third-party service providers that provide services that support critical or important functions. (Art. 8.5., Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • All external or less trusted interfaces of the service should be identified and appropriately defended. (11. ¶ 1, Cloud Security Guidance, 1.0)
  • All external or less trusted interfaces of the service should be identified and protected. (11: ¶ 1, Cloud Security Guidance, 1.0)
  • All external or less trusted interfaces to the service should be identified and defended. (11. ¶ 1, Cloud Security Guidance, 2)
  • Does the firewall restrict packets from coming into the network or leaving the network that do not have a source or Destination Address of a private address or an address listed in the rfc1918 reserved space, including 10.x.x.x/8, 172.16.x.x/12, or 192.168.x.x/16, and the loopback network 127.0.0.0/… (App Table Firewalls Row 1, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Interview the responsible personnel and examine the records for a sample of network connections to verify the network connections were approved and tested. (Testing Procedures § 1.1.1.b, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Establish and implement firewall configuration standards and router configuration standards that includes a formal process to test and approve all network connections. (PCI DSS Requirements § 1.1.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Is there a formal process for approving and testing all network connections and changes to the firewall and router configurations? (PCI DSS Question 1.1.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Is there a formal process for approving and testing all network connections and changes to the firewall and router configurations? (PCI DSS Question 1.1.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Business applications should protect against unauthorized disclosure of sensitive information by ensuring that they are prevented from initiating network connections to the Internet (e.g., through server configuration or by rules on a firewall). (CF.04.01.03c, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that external connections should be identified. (CF.09.03.01a, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that Information Systems and networks should be configured to restrict access. (CF.09.03.01b, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that only authorized types of remote access device are permitted. (CF.09.03.01c, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that details of external connections should be documented. (CF.09.03.01d, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that external connections should be removed when no longer required. (CF.09.03.01e, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that external connections should be identified. (CF.09.03.01a, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that Information Systems and networks should be configured to restrict access. (CF.09.03.01b, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that only authorized types of remote access device are permitted. (CF.09.03.01c, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that details of external connections should be documented. (CF.09.03.01d, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for managing external network access to the organization's Information Systems and networks, which specify that external connections should be removed when no longer required. (CF.09.03.01e, The Standard of Good Practice for Information Security, 2013)
  • The organization authorizes and monitors all third-party connections. (DE.CM-6.1, CRI Profile, v1.2)
  • The organization authorizes and monitors all third-party connections. (DE.CM-6.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Any connections to outside each security zone should occur through managed interfaces consisting of appropriate boundary protection devices (for example, proxies, gateways, routers, firewalls, unidirectional gateways, guards and encrypted tunnels) arranged in an effective architecture (for example, … (15.12.2 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • When desktop computers are used to transmit scoped systems and data, are non-company managed personal computers used to connect to the company network absent detection? (§ G.22.10, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Are there external network connections (Internet, extranet, etc.)? (§ G.11, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • For external network connections, are there security standards for network devices (baseline configuration, patching, passwords, access control)? (§ G.11.1, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Is there an approval process to allow extranet connections? (§ G.11.12, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Verify and control/limit connections to and use of external information systems. (§ 52.204-21 (b)(1)(iii), 48 CFR Part 52.204-21, Basic Safeguarding of Covered Contractor Information Systems)
  • Verify and control/limit connections to and use of external information systems. (AC.L1-3.1.20 External Connections, Cybersecurity Maturity Model Certification, Version 2.0, Level 1)
  • Verify and control/limit connections to and use of external information systems. (AC.L1-3.1.20 External Connections, Cybersecurity Maturity Model Certification, Version 2.0, Level 2)
  • Impact Level 6: The DoD Mission Owner systems/applications instantiated in these Impact Level 6 CSO enclaves will be assessed and authorized the same way any other DoD SIPRNet enclave connection IAW the DISA CPG. Approval for connection to the SIPRNet will be processed through the DISA classified co… (Section 5.10.1.6 ¶ 2, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • The agency shall ensure all connections to external networks, the Internet, or Information Systems occur through controlled interfaces. (§ 5.10.1.1(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Ensure any connections to the Internet, other external networks, or information systems occur through controlled interfaces (e.g. proxies, gateways, routers, firewalls, encrypted tunnels). See Section 5.13.4.3 for guidance on personal firewalls. (§ 5.10.1.1 ¶ 1(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Monitor and control communications at the external boundary of the information system and at key internal boundaries within the system. (§ 5.10.1.1 ¶ 1(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Ensure any connections to the Internet, other external networks, or information systems occur through controlled interfaces (e.g. proxies, gateways, routers, firewalls, encrypted tunnels). See Section 5.13.4.3 for guidance on personal firewalls. (§ 5.10.1.1 ¶ 1 3., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Monitor and control communications at the external boundary of the information system and at key internal boundaries within the system. (§ 5.10.1.1 ¶ 1 2., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The institution ensures that third-party connections are authorized. (Domain 4: Assessment Factor: Connections, CONNECTIONS Baseline 1 ¶ 2, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Network diagrams, including configuration or component changes and the entity's internal and external connections. (App A Objective 1:3c, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The connection between the entity and its third parties. (App A Objective 14:2b, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Internal and external communication systems within and across the entity's authorization boundary(ies). (App A Objective 14:2a, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • The adequacy of firewall architectures and the security of connections with public networks. (TIER II OBJECTIVES AND PROCEDURES C.1. Bullet 9, FFIEC IT Examination Handbook - Audit, April 2012)
  • Authorizes the connection of mobile devices to organizational information system. (AC-19b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization limits the number of external network connections to the information system. (SC-7(3) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [FedRAMP Assignment: no longer than ten (10) minutes for privileged sessions and no longer than fifteen (15) minutes for user sessions] of inactivity. (SC-10 High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [FedRAMP Assignment: no longer than 30 minutes for RAS-based sessions or no longer than 60 minutes for non-interactive user sessions] of inactivity. (SC-10 Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization limits the number of external network connections to the information system. (SC-7(3) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), FedRAMP Security Controls High Baseline, Version 5)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., FedRAMP Security Controls High Baseline, Version 5)
  • Terminate the network connection associated with a communications session at the end of the session or after [FedRAMP Assignment: no longer than ten (10) minutes for privileged sessions and no longer than fifteen (15) minutes for user sessions] of inactivity. (SC-10 Control, FedRAMP Security Controls High Baseline, Version 5)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., FedRAMP Security Controls Low Baseline, Version 5)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), FedRAMP Security Controls Moderate Baseline, Version 5)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Terminate the network connection associated with a communications session at the end of the session or after [FedRAMP Assignment: no longer than ten (10) minutes for privileged sessions and no longer than fifteen (15) minutes for user sessions] of inactivity. (SC-10 Control, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1 Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Implements a managed interface for each external telecommunication service; (SC-7(4) ¶ 1(a) Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Implements a managed interface for each external telecommunication service; (SC-7(4) ¶ 1(a) High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control: Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control: High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • SCADA and historian software vendors typically provide Web servers as a product option so that users outside the control room can access ICS information. In many cases, software components such as ActiveX controls or Java applets must be installed or downloaded onto each client machine accessing the… (§ 6.2.1.2 ICS-specific Recommendations and Guidance ¶ 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must enforce the remote connection requirements to the smart grid Information System. (SG.AC-2 Requirement 4, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must authorize all connections to other Information Systems. (SG.CA-4 Requirement 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization should identify and protect all external system connections and communication connections from damage or tampering. (SG.CA-4 Additional Considerations A1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must identify all external smart grid Information System and communication connections and protect them from damage or tampering. (SG.SC-18 Requirement, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The Information System must connect to external networks and Information Systems with boundary protection devices which comply with organizational security architecture policy. (App F § SC-7.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should implement managed interfaces for external telecommunication services. (App F § SC-7(4)(a), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The Information System should route all network, privileged access through a dedicated, managed interface to allow for access control and auditing. (App F § SC-7(15), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization limits the number of external network connections to the information system. (SC-7(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization implements a managed interface for each external telecommunication service. (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing. (SC-7(15), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization limits the number of external network connections to the information system. (SC-7(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization implements a managed interface for each external telecommunication service. (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization limits the number of external network connections to the information system. (SC-7(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization implements a managed interface for each external telecommunication service. (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement a managed interface for each external telecommunication service; (SC-7(4)(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Limit the number of external network connections to the system. (SC-7(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Terminate the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. (SC-10 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Authorize the connection of mobile devices to organizational systems. (AC-19b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., TX-RAMP Security Controls Baseline Level 1)
  • Authorizes the connection of mobile devices to organizational information systems. (AC-19b., TX-RAMP Security Controls Baseline Level 2)
  • The organization limits the number of external network connections to the information system. (SC-7(3) ¶ 1, TX-RAMP Security Controls Baseline Level 2)
  • Implements a managed interface for each external telecommunication service; (SC-7(4)(a), TX-RAMP Security Controls Baseline Level 2)
  • The information system terminates the network connection associated with a communications session at the end of the session or after [TX-RAMP Assignment: no longer than 30 minutes for RAS-based sessions or no longer than 60 minutes for non-interactive user sessions] of inactivity. (SC-10 Control, TX-RAMP Security Controls Baseline Level 2)