manage.get.gov/docs/compliance/dist/system-security-plans/ato/ca-9.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116)
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

implementation-status: c-not-implemented
control-origination: c-inherited-cloud-gov, c-inherited-cisa, c-common-control, c-system-specific-control

ca-9 - [catalog] Internal System Connections

Control Statement

  • [a] Authorize internal connections of system components to the system;

  • [b] Document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated;

  • [c] Terminate internal system connections after conditions; and

  • [d] Review frequency the continued need for each internal connection.

Control guidance

Internal system connections are connections between organizational systems and separate constituent system components (i.e., connections between components that are part of the same system) including components used for system development. Intra-system connections include connections with mobile devices, notebook and desktop computers, tablets, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each internal system connection individually, organizations can authorize internal connections for a class of system components with common characteristics and/or configurations, including printers, scanners, and copiers with a specified processing, transmission, and storage capability or smart phones and tablets with a specific baseline configuration. The continued need for an internal system connection is reviewed from the perspective of whether it provides support for organizational missions or business functions.

Control assessment-objective

  • internal connections of system components to the system are authorized;

  • for each internal connection, the interface characteristics are documented;

  • for each internal connection, the security requirements are documented;

  • for each internal connection, the privacy requirements are documented;

  • for each internal connection, the nature of the information communicated is documented;

  • internal system connections are terminated after conditions;

  • the continued need for each internal connection is reviewed frequency.


What is the solution and how is it implemented?


Implementation a.

Add control implementation description here for item ca-9_smt.a


Implementation b.

Add control implementation description here for item ca-9_smt.b


Implementation c.

Add control implementation description here for item ca-9_smt.c


Implementation d.

Add control implementation description here for item ca-9_smt.d