CA-3(3) — Unclassified Non-national Security System Connections

This enhancement was incorporated into the base CA-3 control. It previously addressed connections between unclassified systems that are not national security systems.

Example 1: Document connections between your corporate IT network and a vendor's system using a standard Memorandum of Understanding (MOU) that defines security responsibilities.

Example 2: Maintain a network diagram showing all external connections from your business systems, reviewed quarterly by your IT security team.