CMMC Domain SC Systems and Communications Protection

Secure your network boundaries and communications.

SC.3.183
Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
SC.3.184
Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
SC.3.193
Implement a policy restricting the publication of CUI on externally-owned, publicly accessible websites (e.g., forums, LinkedIn, Facebook, Twitter).
SC.5.208
Employ organizationally defined and tailored boundary protections in addition to commercially available solutions.
SC.2.178
Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
SC.4.197
Employ physical and logical isolation techniques in the system and security architecture and/or where deemed appropriate by the organization.
SC.1.175
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of information systems.
SC.5.230
Enforce port and protocol compliance.
SC.3.182
Prevent unauthorized and unintended information transfer via shared system resources.
SC.3.189
Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
SC.3.190
Protect the authenticity of communications sessions.
SC.3.191
Protect the confidentiality of CUI at rest.
SC.3.185
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
SC.4.199
Utilize threat intelligence to proactively block DNS requests from reaching malicious domains.
SC.3.192
Implement Domain Name System (DNS) filtering services.
SC.2.179
Use encrypted sessions for the management of network devices.
SC.3.187
Establish and manage cryptographic keys for cryptography employed in organizational systems.
SC.5.198
Configure monitoring systems to record packets passing through the organization's Internet network boundaries and other organizational-defined boundaries.
SC.4.228
Isolate administration of organizationally defined high-value critical network infrastructure components and servers.
SC.3.180
Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
SC.3.181
Separate user functionality from system management functionality.
SC.1.176
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
SC.4.229
Utilize a URL categorization service and implement techniques to enforce URL filtering of websites that are not approved by the organization.
SC.3.186
Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
SC.3.188
Control and monitor the use of mobile code.
SC.4.202
Employ mechanisms to analyze executable code and scripts (e.g., sandbox) traversing Internet network boundaries or other organizationally defined boundaries.
SC.3.177
Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.