💼 SC-7 BOUNDARY PROTECTION

Contextual name: 💼 SC-7 BOUNDARY PROTECTION
ID: /frameworks/nist-sp-800-53-r4/sc/07
Located in: 💼 SC SYSTEM AND COMMUNICATIONS PROTECTION

Description

The information system: SC-7a. Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; SC-7b. Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and SC-7c. Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Similar

Internal
- ID: dec-c-537a8fb7

Similar Sections (Give Policies To)

Section	Internal Rules	Policies
💼 NIST CSF v1.1 → 💼 DE.CM-1: The network is monitored to detect potential cybersecurity events	19	28
💼 NIST CSF v1.1 → 💼 PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)	7	13
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented	43	51
💼 NIST CSF v1.1 → 💼 PR.PT-4: Communications and control networks are protected	7	13

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 SC-7 (1) PHYSICALLY SEPARATED SUBNETWORKS
💼 SC-7 (2) PUBLIC ACCESS
💼 SC-7 (3) ACCESS POINTS
💼 SC-7 (4) EXTERNAL TELECOMMUNICATIONS SERVICES
💼 SC-7 (5) DENY BY DEFAULT _ ALLOW BY EXCEPTION
💼 SC-7 (6) RESPONSE TO RECOGNIZED FAILURES
💼 SC-7 (7) PREVENT SPLIT TUNNELING FOR REMOTE DEVICES
💼 SC-7 (8) ROUTE TRAFFIC TO AUTHENTICATED PROXY SERVERS
💼 SC-7 (9) RESTRICT THREATENING OUTGOING COMMUNICATIONS TRAFFIC
💼 SC-7 (10) PREVENT UNAUTHORIZED EXFILTRATION
💼 SC-7 (11) RESTRICT INCOMING COMMUNICATIONS TRAFFIC
💼 SC-7 (12) HOST-BASED PROTECTION
💼 SC-7 (13) ISOLATION OF SECURITY TOOLS _ MECHANISMS _ SUPPORT COMPONENTS
💼 SC-7 (14) PROTECTS AGAINST UNAUTHORIZED PHYSICAL CONNECTIONS
💼 SC-7 (15) ROUTE PRIVILEGED NETWORK ACCESSES
💼 SC-7 (16) PREVENT DISCOVERY OF COMPONENTS _ DEVICES
💼 SC-7 (17) AUTOMATED ENFORCEMENT OF PROTOCOL FORMATS
💼 SC-7 (18) FAIL SECURE
💼 SC-7 (19) BLOCKS COMMUNICATION FROM NON-ORGANIZATIONALLY CONFIGURED HOSTS
💼 SC-7 (20) DYNAMIC ISOLATION _ SEGREGATION
💼 SC-7 (21) ISOLATION OF INFORMATION SYSTEM COMPONENTS
💼 SC-7 (22) SEPARATE SUBNETS FOR CONNECTING TO DIFFERENT SECURITY DOMAINS
💼 SC-7 (23) DISABLE SENDER FEEDBACK ON PROTOCOL VALIDATION FAILURE

Policies (6)

Policy	Logic Count	Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-63737248	1
✉️ dec-x-bcae85fb	2
✉️ dec-x-d5fbfc40	1
✉️ dec-x-ec547a7c	1
✉️ dec-z-c82c9f97	1

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (6)​

Internal Rules​