System and Communications Protection
16 controls in this family.
3.13.1
Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
3.13.2
Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
3.13.5
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
3.13.6
Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
3.13.7
Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
3.13.8
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
3.13.9
Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.