NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-7(14) — Protect Against Unauthorized Physical Connections
Protect against unauthorized physical connections at {{ insert: param, sc-07.14_odp }}.
Supplemental Guidance
Systems that operate at different security categories or classification levels may share common physical and environmental controls, since the systems may share space within the same facilities. In practice, it is possible that these separate systems may share common equipment rooms, wiring closets, and cable distribution paths. Protection against unauthorized physical connections can be achieved by using clearly identified and physically separated cable trays, connection frames, and patch panels for each side of managed interfaces with physical access controls that enforce limited authorized access to these items.
Practitioner Notes
This enhancement addresses the situation the supplemental guidance describes: systems of different security categories or classification levels sharing equipment rooms, wiring closets and cable paths. The required protection is physical: clearly labelled and physically separated cable trays, connection frames and patch panels for each side of a managed interface, with physical access to them limited to authorized staff. The threat is someone cross-connecting the two sides, or plugging an unauthorized device (a rogue switch, a wireless access point, an inline network tap) into the wrong side of the boundary, whether by mistake or deliberately.
Example 1: Enable 802.1X port-based network access control on the access switches on each side of the managed interface. Only devices that present a valid machine certificate or credential are admitted; unknown devices are placed on a quarantine VLAN or blocked outright. Treat this as a logical control that complements the physical separation rather than replaces it: 802.1X does not see a passive tap, an endpoint using MAC Authentication Bypass (common for printers and phones) can be impersonated by cloning its MAC address, and a port that authenticates one host can still carry a second device placed behind it unless the port is configured for single-host mode with a violation action.
Example 2: Administratively shut down unused switch ports and lock the racks and patch panels in the equipment room. Label cabling and panels by security domain so a cross-connection is visible on inspection, and inspect periodically for devices that are not on the inventory. Back the inspections with switch data: baseline which MAC addresses belong on each port, enable port security where the switch supports it, and have the management console alert when an unknown MAC appears on a port with a known device, when a port documented as unused comes up, or when an access port suddenly shows several MAC addresses, which is the signature of a hub, unmanaged switch or access point inserted inline.
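The switch-data checks in Example 2 can be run as a script against a MAC address table dump. The following is an added example written for this page, not NIST text or any vendor's tool. It assumes a hypothetical per-port inventory (PORT_INVENTORY, UPLINK_PORTS) for one access switch and uses a constructed sample in the shape of a Cisco IOS "show mac address-table dynamic" listing; it flags unknown MACs on documented ports, activity on ports documented as unused, ports missing from the inventory, and access ports carrying more MACs than their inventory allows.

```python
"""Audit a switch MAC address table against a documented port inventory.

Added example for SC-7(14) practitioner notes; not NIST or vendor code.
Assumptions: PORT_INVENTORY/UPLINK_PORTS are a hypothetical inventory for one
access switch, and MAC_TABLE is a constructed sample shaped like Cisco IOS
"show mac address-table dynamic" output. Run with --stdin to audit real output.
"""
from dataclasses import dataclass
import re
import sys

# Hypothetical inventory: port -> MAC addresses expected on it.
# An empty set means the port is documented as unused and should be shut down.
PORT_INVENTORY: dict[str, set[str]] = {
    "Gi1/0/1": {"00:11:22:33:44:01"},
    "Gi1/0/2": {"00:11:22:33:44:02"},
    "Gi1/0/3": set(),                      # documented as unused
    "Gi1/0/4": {"00:11:22:33:44:04"},
}
# Uplinks legitimately carry many MACs and are audited separately.
UPLINK_PORTS = {"Gi1/0/48"}

# Constructed sample dump (not captured from a real switch).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  10    0011.2233.4403    DYNAMIC     Gi1/0/3
  10    0011.2233.4404    DYNAMIC     Gi1/0/4
  10    aabb.ccdd.ee01    DYNAMIC     Gi1/0/4
  10    aabb.ccdd.ee02    DYNAMIC     Gi1/0/4
  10    0011.2233.4407    DYNAMIC     Gi1/0/7
  20    0011.2233.4499    DYNAMIC     Gi1/0/48
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")
# vlan, mac, type, port; header and separator lines do not match.
_ROW = re.compile(r"^\s*\d+\s+([0-9a-fA-F.:-]+)\s+\S+\s+(\S+)\s*$")


def normalize_mac(raw: str) -> str:
    """Canonicalise dotted (Cisco), dashed (Windows) or colon forms to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> dict[str, set[str]]:
    """Return {port: {mac, ...}} from a MAC-table dump, skipping non-data lines."""
    table: dict[str, set[str]] = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            mac, port = m.groups()
            table.setdefault(port, set()).add(normalize_mac(mac))
    return table


@dataclass(frozen=True)
class Finding:
    port: str
    kind: str            # undocumented-port | unused-port-active | unknown-mac | multiple-macs
    macs: tuple[str, ...]


def audit(table: dict[str, set[str]], inventory: dict[str, set[str]],
          uplinks: set[str]) -> list[Finding]:
    """Compare observed MACs per port with the inventory and return the deviations."""
    findings: list[Finding] = []
    for port, seen in sorted(table.items()):
        if port in uplinks:
            continue
        if port not in inventory:
            findings.append(Finding(port, "undocumented-port", tuple(sorted(seen))))
            continue
        expected = inventory[port]
        if not expected:  # a shut-down port should never learn a MAC
            findings.append(Finding(port, "unused-port-active", tuple(sorted(seen))))
            continue
        unknown = seen - expected
        if unknown:
            findings.append(Finding(port, "unknown-mac", tuple(sorted(unknown))))
        # More MACs than the inventory allows: likely a hub, switch or AP inserted inline.
        if len(seen) > max(1, len(expected)):
            findings.append(Finding(port, "multiple-macs", tuple(sorted(seen))))
    return findings


def main() -> int:
    text = sys.stdin.read() if "--stdin" in sys.argv else MAC_TABLE
    findings = audit(parse_mac_table(text), PORT_INVENTORY, UPLINK_PORTS)
    for f in findings:
        print(f"{f.port:<10} {f.kind:<20} {', '.join(f.macs)}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

On the constructed sample the script reports Gi1/0/3 as an unused port that has learned a MAC, Gi1/0/4 as carrying two unknown MACs alongside the expected one (three in total on an access port), and Gi1/0/7 as a port missing from the inventory; Gi1/0/48 is skipped as an uplink. The non-zero exit status is there so a scheduled run can raise a ticket; a port that is absent from the dump is deliberately not a finding, since a powered-off endpoint is not evidence of tampering.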