GRR-9—CSP/CSO's Protection

IL4 Mod

IL4 High

IL5

>Control Description

What are the protections in place in the CSP's network and CSO to prevent any internet connection to the CSP's/CSO's network and CSO from becoming a back door to the NIPRNet via the private connection through the BCAP?

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

See Section 5.10.1.1.4 of CC SRG V1R4 for additional details.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What documented policies and procedures address csp/cso's protection?
•Who is accountable for implementing and maintaining csp/cso's protection controls?
•How frequently are csp/cso's protection requirements reviewed, and what triggers updates?
•What process ensures changes to systems maintain compliance with csp/cso's protection requirements?
•How are exceptions to csp/cso's protection requirements documented and approved?

Technical Implementation:

•What technical controls enforce csp/cso's protection in your environment?
•How are csp/cso's protection controls configured and maintained across all systems?
•What automated mechanisms support csp/cso's protection compliance?
•How do you validate that csp/cso's protection implementations achieve their intended security outcome?
•What compensating controls exist if primary csp/cso's protection controls cannot be fully implemented?

Evidence & Documentation:

•What documentation proves csp/cso's protection is implemented and operating effectively?
•Can you provide configuration evidence showing how csp/cso's protection is technically enforced?
•What audit logs or monitoring data demonstrate ongoing csp/cso's protection compliance?
•Can you show evidence of a recent review or assessment of csp/cso's protection controls?
•What artifacts would you provide during an assessment to demonstrate csp/cso's protection compliance?

Ask AI

Configure your API key to use AI features.