UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CA-9 INTERNAL SYSTEM CONNECTIONS


Overview

Number Title Impact Priority Subject Area
CA-9 Internal System Connections LOW P2 Security Assessment And Authorization

Instructions
The organization:
CA-9a.
Authorizes internal connections of Assignment: organization-defined information system components or classes of components to the information system; and
CA-9b.
Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated.
Guidance
This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.

Enhancements
CA-9 (1) Security Compliance Checks
Security compliance checks may include, for example, verification of the relevant baseline configuration.

The information system performs security compliance checks on constituent system components prior to the establishment of the internal connection.