System and Communications Protection
Monitor and protect communications and system boundaries.
Boundary Protection
Monitor, control, and protect communications at external and key internal boundaries.
Security Engineering
Employ architectural designs, software development techniques, and systems engineering principles for secure systems.
Subnetwork Separation
Separate user functionality from system management functionality.
Information Sharing Prevention
Prevent unauthorized and unintended information transfer via shared system resources.
Public-Access System Components
Implement subnetworks for publicly accessible system components separated from internal networks.
Network Communications
Deny network communications by default and allow by exception.
Split Tunneling Prevention
Prevent remote devices from simultaneously establishing non-remote connections and external communications.
Transmission Confidentiality
Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI in transit.
Network Disconnect
Terminate network connections at the end of a session or after a period of inactivity.
Cryptographic Key Management
Establish and manage cryptographic keys for cryptography employed in the system.
FIPS-Validated Cryptography
Employ FIPS-validated cryptography when used to protect CUI.
Collaborative Computing
Prohibit remote activation of collaborative computing devices and provide an indication when they are in use.
Mobile Code
Control and monitor the use of mobile code.
VoIP
Control and monitor the use of Voice over Internet Protocol technologies.
Communications Authenticity
Protect the authenticity of communications sessions.
Data at Rest
Protect the confidentiality of CUI at rest.