
GRR-7 Reliance on Internet-Based Capabilities

IL4 Mod
IL4 High
IL5

>Control Description

a. What is the CSO or user experience reliance on internet-based capabilities?

b. How are such capabilities available via the CSO infrastructure and the connections to it via the DISA BCAPs?

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Note: Examples include, but are not limited to, DNS and Content Delivery Networks. The CSO must be able to function if DoD limits access to or disconnects from the internet in times of conflict or when the DISN/DODIN is being attacked.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What documented policies and procedures address reliance on internet-based capabilities?
  • Who is accountable for implementing and maintaining reliance on internet-based capabilities controls?
  • How frequently are reliance on internet-based capabilities requirements reviewed, and what triggers updates?
  • What process ensures changes to systems maintain compliance with reliance on internet-based capabilities requirements?
  • How are exceptions to reliance on internet-based capabilities requirements documented and approved?

Technical Implementation:

  • What technical controls enforce reliance on internet-based capabilities in your environment?
  • How are reliance on internet-based capabilities controls configured and maintained across all systems?
  • What automated mechanisms support reliance on internet-based capabilities compliance?
  • How do you validate that reliance on internet-based capabilities implementations achieve their intended security outcome?
  • What compensating controls exist if primary reliance on internet-based capabilities controls cannot be fully implemented?

Evidence & Documentation:

  • What documentation proves reliance on internet-based capabilities is implemented and operating effectively?
  • Can you provide configuration evidence showing how reliance on internet-based capabilities is technically enforced?
  • What audit logs or monitoring data demonstrate ongoing reliance on internet-based capabilities compliance?
  • Can you show evidence of a recent review or assessment of reliance on internet-based capabilities controls?
  • What artifacts would you provide during an assessment to demonstrate reliance on internet-based capabilities compliance?
