zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-06 01:35:22 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/sc-7.4.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

4 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

sc-7.4 - [catalog] External Telecommunications Services

Control Statement

  • [a] Implement a managed interface for each external telecommunication service;

  • [b] Establish a traffic flow policy for each managed interface;

  • [c] Protect the confidentiality and integrity of the information being transmitted across each interface;

  • [d] Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;

  • [e] Review exceptions to the traffic flow policy frequency and remove exceptions that are no longer supported by an explicit mission or business need;

  • [f] Prevent unauthorized exchange of control plane traffic with external networks;

  • [g] Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and

  • [h] Filter unauthorized control plane traffic from external networks.

Control guidance

External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include Border Gateway Protocol (BGP) routing, Domain Name System (DNS), and management protocols. See SP 800-189 for additional information on the use of the resource public key infrastructure (RPKI) to protect BGP routes and detect unauthorized BGP announcements.

Control assessment-objective

a managed interface is implemented for each external telecommunication service; a traffic flow policy is established for each managed interface; the confidentiality of the information being transmitted across each interface is protected; the integrity of the information being transmitted across each interface is protected; each exception to the traffic flow policy is documented with a supporting mission or business need and duration of that need; exceptions to the traffic flow policy are reviewed frequency; exceptions to the traffic flow policy that are no longer supported by an explicit mission or business need are removed; unauthorized exchanges of control plan traffic with external networks are prevented; information is published to enable remote networks to detect unauthorized control plane traffic from internal networks; unauthorized control plane traffic is filtered from external networks.

What is the solution and how is it implemented?

Implementation (a)

Add control implementation description here for item sc-7.4_smt.a

Implementation (b)

Add control implementation description here for item sc-7.4_smt.b

Implementation (c)

Add control implementation description here for item sc-7.4_smt.c

Implementation (d)

Add control implementation description here for item sc-7.4_smt.d

Implementation (e)

Add control implementation description here for item sc-7.4_smt.e

Implementation (f)

Add control implementation description here for item sc-7.4_smt.f

Implementation (g)

Add control implementation description here for item sc-7.4_smt.g

Implementation (h)

Add control implementation description here for item sc-7.4_smt.h