System and communications protection requirements provide an array of safeguards for the system. Some of the requirements in this family address the confidentiality of information at rest and in transit. The protection of confidentiality can be provided through physical or logical means. For example, a company can provide physical protection by segregating certain functions onto separate servers, each with its own set of IP addresses. Companies can better safeguard their information by separating user functionality from system management functionality; this type of separation prevents system management-related functionality from being presented on an interface used by non-privileged users. System and communications protection also establishes boundaries that restrict access to publicly accessible information within a system. Using boundary protections, a company can monitor and control communications at the external boundaries of the system as well as at key internal boundaries within it.
Examples of system and communication protection requirements include: application partitioning, denial of service protection, boundary protection, trusted path, mobile code, session authenticity, thin nodes, honeypots, transmission confidentiality and integrity, operations security, protection of information at rest and in transit, and usage restrictions. Companies should:
• monitor, control, and protect company communications (i.e., information transmitted or received by company systems) at the external boundaries and key internal boundaries of the systems, and
• employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within company systems.