SC — System and Communications Protection
67 controls in the System and Communications Protection family
SC-1Policy and Procedures
IL4 ModIL4 HighIL5IL6
SC-2Separation of System and User Functionality
IL4 ModIL4 HighIL5IL6
SC-3Security Function Isolation
IL4 HighIL5IL6
SC-4Information in Shared System Resources
IL4 ModIL4 HighIL5IL6
SC-5Denial-of-service Protection
IL4 ModIL4 HighIL5IL6
SC-7Boundary Protection
IL4 ModIL4 HighIL5IL6
SC-7(3)Boundary Protection | Access Points
IL4 ModIL4 HighIL5IL6
SC-7(4)Boundary Protection | External Telecommunications Services
IL4 ModIL4 HighIL5IL6
SC-7(5)Boundary Protection | Deny by Default -- Allow by Exception
IL4 ModIL4 HighIL5IL6
SC-7(7)Boundary Protection | Split Tunneling for Remote Devices
IL4 ModIL4 HighIL5IL6
SC-7(8)Boundary Protection | Route Traffic to Authenticated Proxy Servers
IL4 ModIL4 HighIL5IL6
SC-7(9)Boundary Protection | Restrict Threatening Outgoing Communications Traffic
IL5IL6
SC-7(10)Boundary Protection | Prevent Exfiltration
IL4 HighIL5IL6
SC-7(11)Boundary Protection | Restrict Incoming Communications Traffic
IL5IL6
SC-7(12)Boundary Protection | Host-based Protection
IL4 ModIL4 HighIL5IL6
SC-7(13)Boundary Protection | Isolation of Security Tools, Mechanisms, and Support Components
IL5IL6
SC-7(14)Boundary Protection | Protect Against Unauthorized Physical Connections
IL5IL6
SC-7(15)Boundary Protection | Networked Privileged Accesses
IL5IL6
SC-7(18)Boundary Protection | Fail Secure
IL4 ModIL4 HighIL5IL6
SC-7(20)Boundary Protection | Dynamic Isolation and Segregation
IL4 HighIL5IL6
SC-7(21)Boundary Protection | Isolation of System Components
IL4 HighIL5IL6
SC-7(25)Boundary Protection | Unclassified National Security System Connections
IL5IL6
SC-7(26)Boundary Protection | Classified National Security System Connections
IL6
SC-7(28)Boundary Protection | Connections to Public Networks
IL5IL6
SC-7(29)Boundary Protection | Separate Subnets to Isolate Functions
IL5IL6
SC-8Transmission Confidentiality and Integrity
IL4 ModIL4 HighIL5IL6
SC-8(1)Transmission Confidentiality and Integrity | Cryptographic Protection
IL4 ModIL4 HighIL5IL6
SC-8(2)Transmission Confidentiality and Integrity | Pre- and Post-transmission Handling
IL5IL6
SC-8(3)Transmission Confidentiality and Integrity | Cryptographic Protection for Message Externals
IL6
SC-8(4)Transmission Confidentiality and Integrity | Conceal or Randomize Communications
IL6
SC-10Network Disconnect
IL4 ModIL4 HighIL5IL6
SC-12Cryptographic Key Establishment and Management
IL4 ModIL4 HighIL5IL6
SC-12(1)Cryptographic Key Establishment and Management | Availability
IL4 HighIL5IL6
SC-12(2)Cryptographic Key Establishment and Management | Symmetric Keys
IL6
SC-12(3)Cryptographic Key Establishment and Management | Asymmetric Keys
IL6
SC-12(6)Cryptographic Key Establishment and Management | Physical Control of Keys
IL4 ModIL4 HighIL5IL6
SC-13Cryptographic Protection
IL4 ModIL4 HighIL5IL6
SC-15Collaborative Computing Devices and Applications
IL4 ModIL4 HighIL5IL6
SC-15(3)Collaborative Computing Devices and Applications | Disabling and Removal in Secure Work Areas
IL6
SC-16Transmission of Security and Privacy Attributes
IL5IL6
SC-16(1)Transmission of Security and Privacy Attributes | Integrity Verification
IL5IL6
SC-16(2)Transmission of Security and Privacy Attributes | Anti-spoofing Mechanisms
IL5IL6
SC-16(3)Transmission of Security and Privacy Attributes | Cryptographic Binding
IL5IL6
SC-17Public Key Infrastructure Certificates
IL4 ModIL4 HighIL5IL6
SC-18Mobile Code
IL4 ModIL4 HighIL5IL6
SC-18(1)Mobile Code | Identify Unacceptable Code and Take Corrective Actions
IL5IL6
SC-18(2)Mobile Code | Acquisition, Development, and Use
IL4 ModIL4 HighIL5IL6
SC-18(3)Mobile Code | Prevent Downloading and Execution
IL5IL6
SC-18(4)Mobile Code | Prevent Automatic Execution
IL5IL6
SC-20Secure Name/address Resolution Service (authoritative Source)
IL4 ModIL4 HighIL5IL6
SC-21Secure Name/address Resolution Service (recursive or Caching Resolver)
IL4 ModIL4 HighIL5IL6
SC-22Architecture and Provisioning for Name/address Resolution Service
IL4 ModIL4 HighIL5IL6
SC-23Session Authenticity
IL4 ModIL4 HighIL5IL6
SC-23(1)Session Authenticity | Invalidate Session Identifiers at Logout
IL5IL6
SC-23(3)Session Authenticity | Unique System-generated Session Identifiers
IL5IL6
SC-23(5)Session Authenticity | Allowed Certificate Authorities
IL5IL6
SC-24Fail in Known State
IL4 ModIL4 HighIL5IL6
SC-28Protection of Information at Rest
IL4 ModIL4 HighIL5IL6
SC-28(1)Protection of Information at Rest | Cryptographic Protection
IL4 ModIL4 HighIL5IL6
SC-28(3)Protection of Information at Rest | Cryptographic Keys
IL5IL6
SC-38Operations Security
IL5IL6
SC-39Process Isolation
IL4 ModIL4 HighIL5IL6
SC-41Port and I/O Device Access
IL6
SC-42Sensor Capability and Data
IL6
SC-45System Time Synchronization
IL4 ModIL4 HighIL5IL6
SC-45(1)System Time Synchronization | Synchronization with Authoritative Time Source
IL4 ModIL4 HighIL5IL6
SC-46Cross Domain Policy Enforcement
IL4 ModIL4 HighIL5IL6