NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-7(28) Connections to Public Networks

Prohibit the direct connection of {{ insert: param, sc-07.28_odp }} to a public network.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

A direct connection is a dedicated physical or virtual connection between two or more systems. A public network is a network accessible to the public, including the Internet and organizational extranets with public access.

Practitioner Notes

The control requires more than "extra protection": the systems named in the parameter must have no dedicated physical or virtual path to a public network at all. Note that "public network" is broader than the Internet; per the guidance it includes organizational extranets with public access. Every packet between such a system and a public network has to traverse a boundary device the organization controls (proxy, gateway, or firewall), because public networks are untrusted by definition.

Example 1: Route all outbound Internet traffic through a secure web gateway that performs TLS inspection, malware scanning, and URL filtering. The gateway only counts as the control's boundary if it cannot be bypassed: hosts should have no default route to the Internet and egress firewall rules should deny direct outbound traffic from anything except the gateway itself, so that a misconfigured proxy setting fails closed rather than open. TLS inspection also requires distributing the gateway's signing CA to clients and will break certificate-pinned applications, so keep an explicit, reviewed exception list rather than disabling inspection wholesale.

Example 2: For systems that must be reachable from the Internet, make a reverse proxy or load balancer the only public-facing endpoint. The application servers sit behind it on a private network segment with no public address and no default route to the Internet; the proxy forwards only the expected ports and paths. Verify the separation rather than assume it: check cloud route tables and security groups, or the host's own interface and route configuration, for any public address or any default route that does not point at the approved boundary device.
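The following is an added example, not part of the NIST text or any product, of the "no direct path" check that both practitioner examples rely on. It audits a Linux host from the output of `ip -4 addr` and `ip route` (constructed, simplified sample output is embedded inline) and flags two conditions: an interface carrying a non-internal address, and a default route whose next hop is not the approved boundary device. The approved gateway address `APPROVED_EGRESS_GATEWAY` and the set of ranges treated as internal are assumptions to adjust for your environment; the documentation range 203.0.113.0/24 stands in for a public address.

```python
"""Audit a host for a direct connection to a public network (SC-7(28)).

Added example: parses constructed `ip -4 addr` / `ip route` output.
"""
import ipaddress
import re

# Hypothetical approved egress path: the only next hop a compliant host may use
# for a default route (an internal boundary firewall/proxy, not a public network).
APPROVED_EGRESS_GATEWAY = "10.0.0.1"

# Ranges treated here as internal. ipaddress.is_global is deliberately not used:
# it classifies the documentation ranges (e.g. 203.0.113.0/24) as non-global,
# and those ranges are used below as stand-ins for public addresses.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
    "100.64.0.0/10",                                   # RFC 6598 shared space
)]

ADDR_LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/\d+")
DEFAULT_ROUTE = re.compile(r"^default\s+via\s+(\S+)\s+dev\s+(\S+)")

# Constructed sample: eth1 has a (stand-in) public address and the default
# route leaves through it, i.e. a direct connection to a public network.
DIRECT_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.5.23/24 brd 10.0.5.255 scope global eth0
3: eth1    inet 203.0.113.45/24 brd 203.0.113.255 scope global eth1
"""
DIRECT_ROUTES = """\
default via 203.0.113.1 dev eth1
10.0.0.0/8 via 10.0.5.1 dev eth0
10.0.5.0/24 dev eth0 proto kernel scope link src 10.0.5.23
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.45
"""

# Constructed sample: only an internal address, default route via the boundary device.
COMPLIANT_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.5.23/24 brd 10.0.5.255 scope global eth0
"""
COMPLIANT_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.5.0/24 dev eth0 proto kernel scope link src 10.0.5.23
"""


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of INTERNAL_RANGES."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_RANGES)


def public_interfaces(ip_addr_output: str) -> list:
    """Return [(iface, ip)] for every IPv4 address outside INTERNAL_RANGES."""
    found = []
    for line in ip_addr_output.splitlines():
        m = ADDR_LINE.match(line.strip())
        if m and not is_internal(m.group(2)):
            found.append((m.group(1), m.group(2)))
    return found


def default_routes(ip_route_output: str) -> list:
    """Return [(next_hop, iface)] for each default route in `ip route` output."""
    routes = []
    for line in ip_route_output.splitlines():
        m = DEFAULT_ROUTE.match(line.strip())
        if m:
            routes.append((m.group(1), m.group(2)))
    return routes


def audit(ip_addr_output: str, ip_route_output: str,
          approved_gateway: str = APPROVED_EGRESS_GATEWAY) -> list:
    """Return findings as strings; an empty list means no direct public path was seen."""
    findings = []
    for iface, ip in public_interfaces(ip_addr_output):
        findings.append(f"{iface} carries public address {ip}: direct connection")
    for hop, iface in default_routes(ip_route_output):
        if hop != approved_gateway:
            findings.append(f"default route via {hop} on {iface} bypasses "
                            f"approved egress gateway {approved_gateway}")
    return findings


if __name__ == "__main__":
    for name, addr, routes in (("direct", DIRECT_ADDR, DIRECT_ROUTES),
                               ("compliant", COMPLIANT_ADDR, COMPLIANT_ROUTES)):
        print(name, audit(addr, routes) or "no findings")
```

On a real host, feed `audit()` the output of `ip -4 addr` and `ip route`; the regexes expect the one-line-per-address form, so use `ip -o -4 addr` if your `ip` wraps address details onto a second line. The check is evidence, not enforcement: a clean result shows the host has no direct path at the moment of the check, and the egress firewall described in Example 1 is what keeps it that way.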