GRR-9—CSP/CSO's Protection
IL4 Mod
IL4 High
IL5
>Control Description
What are the protections in place in the CSP's network and CSO to prevent any internet connection to the CSP's/CSO's network and CSO from becoming a back door to the NIPRNet via the private connection through the BCAP?
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
See Section 5.10.1.1.4 of CC SRG V1R4 for additional details.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What documented policies and procedures address csp/cso's protection?
- •Who is accountable for implementing and maintaining csp/cso's protection controls?
- •How frequently are csp/cso's protection requirements reviewed, and what triggers updates?
- •What process ensures changes to systems maintain compliance with csp/cso's protection requirements?
- •How are exceptions to csp/cso's protection requirements documented and approved?
Technical Implementation:
- •What technical controls enforce csp/cso's protection in your environment?
- •How are csp/cso's protection controls configured and maintained across all systems?
- •What automated mechanisms support csp/cso's protection compliance?
- •How do you validate that csp/cso's protection implementations achieve their intended security outcome?
- •What compensating controls exist if primary csp/cso's protection controls cannot be fully implemented?
Evidence & Documentation:
- •What documentation proves csp/cso's protection is implemented and operating effectively?
- •Can you provide configuration evidence showing how csp/cso's protection is technically enforced?
- •What audit logs or monitoring data demonstrate ongoing csp/cso's protection compliance?
- •Can you show evidence of a recent review or assessment of csp/cso's protection controls?
- •What artifacts would you provide during an assessment to demonstrate csp/cso's protection compliance?
Ask AI
Configure your API key to use AI features.