HOME

CA-3 (3)

CA-3 (3) H M
Description

The organization prohibits the direct connection of an [Assignment: organization-defined unclassified, non-national security system] to an external network without the use of [Assignment; organization-defined boundary protection device].

FedRAMP
  • H CA-3 (3)-2 [Boundary Protections which meet the Trusted Internet Connection (TIC) requirements]
  • M CA-3 (3)-2 [Boundary Protections which meet the Trusted Internet Connection (TIC) requirements]
DISA Cloud Computing SRG

Not appropriate for DoD to define for all CSP's infrastructure or service offerings

Not appropriate for DoD to define for all CSP's infrastructure or service offerings

Source:
DoD RMF TAG

Supplemental Guidance

Organizations typically do not have control over external networks (e.g., the Internet). Approved boundary protection devices (e.g., routers, firewalls) mediate communications (i.e., information flows) between unclassified non-national security systems and external networks. This control enhancement is required for organizations processing, storing, or transmitting Controlled Unclassified Information (CUI).

Further Guidance

CA-3 (3) Guidance: Refer to Appendix H – Cloud Considerations of the TIC 2.0 Reference Architecture document.