800-53|SC-7(3)

Title

ACCESS POINTS

Description

The organization limits the number of external network connections to the information system.

Supplemental

Limiting the number of external network connections facilitates more comprehensive monitoring of inbound and outbound communications traffic. The Trusted Internet Connection (TIC) initiative is an example of limiting the number of external network connections.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.2 Verify that the scheduler API service is protected by RBAC	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
2.15 Ensure 'Force Google SafeSearch' is set to 'Enabled'	Windows	CIS Google Chrome L2 v3.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
5.4 (L1) Host must filter Bridge Protocol Data Unit (BPDU) packets	VMware	CIS VMware ESXi 8.0 v1.1.0 L1
6.8 Ensure that PAN-DB URL Filtering is used	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
6.8 Ensure that PAN-DB URL Filtering is used	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
6.9 Ensure that PAN-DB URL Filtering is used	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.9 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
6.9 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories - override on the URL categories	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
7.2.4 Ensure Warn When Visiting A Fradulent Website in Safari Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
21.9 (L1) Ensure 'Enable Network Protection' is set to 'Enabled (block mode)'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
21.9 (L1) Ensure 'Enable Network Protection' is set to 'Enabled (block mode)'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1

Detections

Analytics