SC-46—Cross Domain Policy Enforcement
IL4 Mod
IL4 High
IL5
IL6
>Control Description
Implement a policy enforcement mechanism ☑physically; logically between the physical and/or network interfaces for the connecting security domains.
>DoD Impact Level Requirements
DoD FedRAMP+ Parameters
DSPAV must be used.
>Discussion
For logical policy enforcement mechanisms, organizations avoid creating a logical path between interfaces to prevent the ability to bypass the policy enforcement mechanism. For physical policy enforcement mechanisms, the robustness of physical isolation afforded by the physical implementation of policy enforcement to preclude the presence of logical covert channels penetrating the security domain may be needed. Contact ncdsmo@nsa.gov for more information.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of cross domain policy enforcement?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-46?
Technical Implementation:
- •How is cross domain policy enforcement technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that cross domain policy enforcement remains effective as the system evolves?
- •What network boundary protections are in place (firewalls, gateways, etc.)?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-46?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
- •Can you provide network architecture diagrams and firewall rulesets?
Ask AI
Configure your API key to use AI features.