FedRAMP - Unclassified Non-National Security System Connections CA-3(3)


Overview:
The organization prohibits the direct connection of an [Assignment: organization-defined unclassified, non-national security system] to an external network without the use of [Assignment: organization-defined boundary protection device].


Supplemental Guidance:
Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between unclassified non-national security systems and external networks. This control enhancement is required for organizations processing, storing, or transmitting Controlled Unclassified Information (CUI).


Action Items:
1) Implement boundary protection devices between the organization and an external network


Related Documents:
1) Security Assessment and Authorization Policy

2) System Security Plan

3) Network Security Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
CA-3 (3)-2 [Boundary Protections which meet the Trusted Internet Connection (TIC) requirements]


Moderate Additional FedRAMP Requirements and Guidance
CA-3 (3) Guidance: Refer to Appendix H – Cloud Considerations of the TIC 2.0 Reference Architecture document.



Article ID: 631
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/fedramp-unclassified-non-national-security-system-connections-ca-3-3-631.html