EBCR-1 Connection Rules
Overview
The DoD information system is compliant with established DoD connection rules and approval processes.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| MACI MACII MACIII | Medium | Enclave Boundary Defense |
Details
| Threat |
|---|
| A connection between any type of, or agency owned, information system increases the risk of exploiting existing vulnerabilities with new threats. Great care has been taken in the development of DoD connection rules. It is paramount they be adopted to ensure proper risk management and documentation processes are employed when connecting to disparate systems. |
| Guidance |
|---|
| 1. To start the connection process, Components shall begin by identifying the following in relation to their network as well as the network they wish to connect to: · Information system owner; · DAA of system; · Classification levels processed; and · Ports, protocols and services used. 2. Interconnection risks and agreements shall be reviewed and approved by each DIACAP Team prior to DAA submission. 3. Refer to DoD or other applicable guidance for proper connection requirements and procedures. 4. Connections shall be audited not less then annually to ensure proper configuration and compliance with regulations. |
References
- CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
- DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
- DoDI 8500.2, Information Assurance Implementation, 06 February 2003
- DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004