🛡️ SC — System and Communications Protection
Monitor, control, and protect communications at system boundaries
16 Practices
Monitor, control, and protect organizational communications at the external boundaries
This practice means your organization must actively watch, manage, and secure all incoming and outgoing network traffic where your systems connect to ...
Implement subnetworks for publicly accessible system components
This control requires separating publicly accessible systems (like websites or email servers) from your internal network by placing them in their own ...
Deny network communications traffic by default and allow network communications traffic by exception
This practice means that your network should block all traffic by default and only allow specific traffic that you explicitly permit. Think of it like...
Establish and manage cryptographic keys for cryptography
This practice means that your organization needs to create and maintain cryptographic keys used for encrypting and decrypting data securely. Cryptogra...
Employ FIPS-validated cryptography when used to protect CUI
This control requires using government-approved encryption methods (FIPS-validated) whenever you're protecting sensitive defense information (CUI). Th...
Prohibit remote activation of collaborative computing devices
This control requires organizations to disable the ability for collaborative computing devices (like video conferencing systems, smart whiteboards, or...
Control and monitor the use of mobile code
This practice requires organizations to manage and oversee the use of mobile code (like JavaScript, macros, or Flash) that can be downloaded and execu...
Control and monitor the use of VoIP technologies
This control requires organizations to actively manage and oversee Voice over Internet Protocol (VoIP) systems to ensure they are used securely. VoIP ...
Protect the authenticity of communications sessions
This control ensures that communication sessions (like remote logins or data transfers) are genuine and not hijacked by attackers. Think of it like ve...
Protect the confidentiality of CUI at rest
This practice requires ensuring that Controlled Unclassified Information (CUI) stored on devices or systems is kept confidential and secure. This mean...
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission
This control requires using encryption to protect Controlled Unclassified Information (CUI) when it's being sent over networks. Think of it like putti...
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI at rest
This control requires encrypting sensitive data (CUI) when it's stored ('at rest') to prevent unauthorized access if the storage is compromised. Think...
Deny network communications traffic by default and allow by exception
This practice means that your network should block all traffic by default and only allow specific traffic that is explicitly permitted. Think of it li...
Prevent remote devices from simultaneously establishing connections with organizational systems
This practice ensures that remote devices, like laptops or smartphones, cannot connect to your organization's systems from multiple locations at the s...
Implement cryptographic mechanisms to prevent unauthorized disclosure at rest
This control requires organizations to use encryption to protect sensitive data when it is stored (at rest). Encryption transforms data into a format ...
Terminate network connections associated with communications sessions at the end of the sessions
This control requires that any network connection established for a communication session is properly terminated once the session ends. Think of it li...