National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

CA-9 INTERNAL SYSTEM CONNECTIONS

Family:
CA - SECURITY ASSESSMENT AND AUTHORIZATION
Class:
Priority:
P2 - Implement P2 security controls after implementation of P1 controls.
Baseline Allocation:
Low Moderate High
CA-9 CA-9 CA-9

Control Description

The organization:

a. Authorizes internal connections of [Assignment: organization-defined information system components or classes of components] to the information system; and

b. Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated.

Supplemental Guidance

This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.

Related to: AC-3AC-4AC-18AC-19AU-2AU-12CA-7CM-2IA-3SC-7SI-4

Control Enhancements

CA-9(1) INTERNAL SYSTEM CONNECTIONS | SECURITY COMPLIANCE CHECKS
The information system performs security compliance checks on constituent system components prior to the establishment of the internal connection.
Supplemental Guidance: Security compliance checks may include, for example, verification of the relevant baseline configuration.
Related to: CM-6

References

None.