NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-7(27) — Unclassified Non-national Security System Connections
Prohibit the direct connection of [Assignment: organization-defined unclassified non-national security system] to an external network without the use of [Assignment: organization-defined boundary protection device].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
A direct connection is a dedicated physical or virtual connection between two or more systems. Organizations typically do not have complete control over external networks, including the Internet. Boundary protection devices (e.g., firewalls, gateways, and routers) mediate communications and information flows between unclassified non-national security systems and external networks.
Practitioner Notes
Connections between your systems and other unclassified non-national-security networks must be documented, approved, and monitored — even though the data is not classified.
Example 1: Maintain a list of all external network connections — partner VPNs, vendor remote access, cloud service connections. Each one should have an ISA or MOU that documents what data flows across the connection and what security controls protect it.
Example 2: Review your external connections quarterly. Verify that each connection is still needed, that the security controls described in the ISA are still in place, and that the other party is still meeting their security obligations. Remove connections that are no longer needed.