Reference: CMMC 2.11
Family: AC
Level Introduced: 2
Title: Control CUI Flow
Practice:
Control the flow of CUI in accordance with approved authorizations.
CMMC Clarification:
Flow control regulates where and how information can flow. Firewalls and proxy servers can be used to control traffic flow. Typically, organizations will have a firewall between the internal network and the internet. Often multiple firewalls are used inside a network to create zones to separate sensitive data, business units or user groups. Proxy servers can be used to break the connection between multiple networks. All traffic entering or leaving a network is intercepted by the proxy, preventing direct access between networks. This can have security and performance benefits. Additionally, organizations should ensure that all sensitive information is encrypted before being transmitted over the internet.
Example
You configure a proxy device on your company's network. Your goal is to better mask and protect the devices inside your network. After you configure the device, information does not flow directly from the internal network to the internet. The proxy system intercepts the traffic. Then, the proxy analyzes it to determine if it is legitimate. If it is, the system allows it on the network and sends it to its destination.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.