SC-7 (4) - External Telecommunications Services
Control requirements
SC-7 (4) (a)
Implement a managed interface for each external telecommunication service.
SC-7 (4) (b)
Establish a traffic flow policy for each managed interface.
SC-7 (4) (c)
Protect the confidentiality and integrity of the information being transmitted across each interface.
SC-7 (4) (d)
Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need.
SC-7 (4) (e)
Review exceptions to the traffic flow policy [IBM Assignment: at least annually] and remove exceptions that are no longer supported by an explicit mission or business need.
SC-7 (4) (f)
Prevent unauthorized exchange of control plane traffic with external networks.
SC-7 (4) (g)
Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks.
SC-7 (4) (h)
Filter unauthorized control plane traffic from external networks.
NIST supplemental guidance
External telecommunications services can provide data and/or voice communications services. Examples of control plane traffic include routing, Domain Name System (DNS), and management. Unauthorized control plane traffic can occur through a technique known as “spoofing.”