SC-7 (03)—Boundary Protection | Access Points
>Control Description
>FedRAMP Baseline Requirements
No FedRAMP-specific parameter values or requirements for this baseline.
>Discussion
Limiting the number of external network connections facilitates monitoring of inbound and outbound communications traffic. The Trusted Internet Connection DHS TIC initiative is an example of a federal guideline that requires limits on the number of external network connections. Limiting the number of external network connections to the system is important during transition periods from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols).
Such transitions may require implementing the older and newer technologies simultaneously during the transition period and thus increase the number of access points to the system.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of access points?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-7(3)?
Technical Implementation:
- •How is access points technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that access points remains effective as the system evolves?
- •What network boundary protections are in place (firewalls, gateways, etc.)?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-7(3)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
- •Can you provide network architecture diagrams and firewall rulesets?
Ask AI
Configure your API key to use AI features.