Control: The organisation:
B. Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated.
Supplemental Guidance: This control applies to connections between organisational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorising each individual internal connection, organisations can authorise internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.
Related controls: AC-3, AC-4, AC-18, AC-19, AU-2, AU-12, CA-7, CM-2, IA-3, SC-7, SI-4.
Internal System Connections Control Enhancements:
CA-9 (1) Internal System Connections - Security compliance checks
The information system performs security compliance checks on constituent system components prior to the establishment of the internal connection.
Supplemental Guidance: Security compliance checks may include, for example, verification of the relevant baseline configuration.
Related controls: CM-6.