| implementation-status | control-origination |
|---|---|
| | |
sc-7.4 - [catalog] External Telecommunications Services
Control Statement
- [a] Implement a managed interface for each external telecommunication service;
- [b] Establish a traffic flow policy for each managed interface;
- [c] Protect the confidentiality and integrity of the information being transmitted across each interface;
- [d] Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;
- [e] Review exceptions to the traffic flow policy [frequency] and remove exceptions that are no longer supported by an explicit mission or business need;
- [f] Prevent unauthorized exchange of control plane traffic with external networks;
- [g] Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and
- [h] Filter unauthorized control plane traffic from external networks.
Control guidance
External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include Border Gateway Protocol (BGP) routing, Domain Name System (DNS), and management protocols. See SP 800-189 for additional information on the use of the resource public key infrastructure (RPKI) to protect BGP routes and detect unauthorized BGP announcements.
Control assessment-objective
- a managed interface is implemented for each external telecommunication service;
- a traffic flow policy is established for each managed interface;
- the confidentiality of the information being transmitted across each interface is protected;
- the integrity of the information being transmitted across each interface is protected;
- each exception to the traffic flow policy is documented with a supporting mission or business need and duration of that need;
- exceptions to the traffic flow policy are reviewed [frequency];
- exceptions to the traffic flow policy that are no longer supported by an explicit mission or business need are removed;
- unauthorized exchanges of control plane traffic with external networks are prevented;
- information is published to enable remote networks to detect unauthorized control plane traffic from internal networks;
- unauthorized control plane traffic is filtered from external networks.
What is the solution and how is it implemented?
Implementation (a)
Add control implementation description here for item sc-7.4_smt.a
Implementation (b)
cloud.gov is responsible for monitoring, security, and policy enforcement for the configuration of external interfaces.
Implementation (c)
cloud.gov is responsible for monitoring, security, and policy enforcement for the configuration of external interfaces.
Implementation (d)
cloud.gov is responsible for monitoring, security, and policy enforcement for the configuration of external interfaces.
Implementation (e)
cloud.gov is responsible for monitoring, security, and policy enforcement for the configuration of external interfaces.
Implementation (f)
Add control implementation description here for item sc-7.4_smt.f
Implementation (g)
Add control implementation description here for item sc-7.4_smt.g
Implementation (h)
Add control implementation description here for item sc-7.4_smt.h