CA-9 INTERNAL SYSTEM CONNECTIONS
Overview
| Number | Title | Impact | Priority | Subject Area |
|---|---|---|---|---|
| CA-9 | Internal System Connections | LOW | P2 | Security Assessment And Authorization |
| Instructions |
|---|
| The organization: CA-9a. Authorizes internal connections of Assignment: organization-defined information system components or classes of components to the information system; and CA-9b. Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated. |
| Guidance |
|---|
| This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration. |
| Enhancements | ||
|---|---|---|
The information system performs security compliance checks on constituent system components prior to the establishment of the internal connection. |