compliance controls are associated with this Policy definition 'Route traffic through authenticated proxy network' (d91558ce-5a5c-551b-8fbb-83f793255e09)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SC-7(8) | FedRAMP_High_R4_SC-7(8) | FedRAMP High SC-7 (8) | System And Communications Protection | Route Traffic To Authenticated Proxy Servers | Shared | n/a | The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2. | link | 1 |
| FedRAMP_Moderate_R4 | SC-7(8) | FedRAMP_Moderate_R4_SC-7(8) | FedRAMP Moderate SC-7 (8) | System And Communications Protection | Route Traffic To Authenticated Proxy Servers | Shared | n/a | The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2. | link | 1 |
| hipaa | 0808.10b2System.3-10.b | hipaa-0808.10b2System.3-10.b | 0808.10b2System.3-10.b | 08 Network Protection | 0808.10b2System.3-10.b 10.02 Correct Processing in Applications | Shared | n/a | For any public-facing web applications, application-level firewalls have been implemented to control traffic. For any public-facing applications that are not web-based, the organization has implemented a network-based firewall specific to the application type. If the traffic to the public-facing application is encrypted, the device either sits behind the encryption or is capable of decrypting the traffic prior to analysis. | | 2 |
| hipaa | 0815.01o2Organizational.123-01.o | hipaa-0815.01o2Organizational.123-01.o | 0815.01o2Organizational.123-01.o | 08 Network Protection | 0815.01o2Organizational.123-01.o 01.04 Network Access Control | Shared | n/a | Requirements for network routing control are based on the access control policy, including positive source and destination checking mechanisms, such as firewall validation of source/destination addresses, and the hiding of internal directory services and IP addresses. The organization designed and implemented network perimeters so that all outgoing network traffic to the Internet passes through at least one application layer filtering proxy server. The proxy supports decrypting network traffic, logging individual TCP sessions, blocking specific URLs, domain names, and IP addresses to implement a blacklist, and applying whitelists of allowed sites that can be accessed through the proxy while blocking all other sites. The organization forces outbound traffic to the Internet through an authenticated proxy server on the enterprise perimeter. | | 4 |
| hipaa | 0822.09m2Organizational.4-09.m | hipaa-0822.09m2Organizational.4-09.m | 0822.09m2Organizational.4-09.m | 08 Network Protection | 0822.09m2Organizational.4-09.m 09.06 Network Security Management | Shared | n/a | Firewalls restrict inbound and outbound traffic to the minimum necessary. | | 7 |
| hipaa | 0850.01o1Organizational.12-01.o | hipaa-0850.01o1Organizational.12-01.o | 0850.01o1Organizational.12-01.o | 08 Network Protection | 0850.01o1Organizational.12-01.o 01.04 Network Access Control | Shared | n/a | Routing controls are implemented through security gateways (e.g., firewalls) used between internal and external networks (e.g., the Internet and third-party networks). | | 1 |
| hipaa | 0870.09m3Organizational.20-09.m | hipaa-0870.09m3Organizational.20-09.m | 0870.09m3Organizational.20-09.m | 08 Network Protection | 0870.09m3Organizational.20-09.m 09.06 Network Security Management | Shared | n/a | Access to all proxies is denied, except for those hosts, ports, and services that are explicitly required. | | 8 |
| hipaa | 0894.01m2Organizational.7-01.m | hipaa-0894.01m2Organizational.7-01.m | 0894.01m2Organizational.7-01.m | 08 Network Protection | 0894.01m2Organizational.7-01.m 01.04 Network Access Control | Shared | n/a | Networks are segregated from production-level networks when migrating physical servers, applications, or data to virtualized servers. | | 19 |
| NIST_SP_800-53_R4 | SC-7(8) | NIST_SP_800-53_R4_SC-7(8) | NIST SP 800-53 Rev. 4 SC-7 (8) | System And Communications Protection | Route Traffic To Authenticated Proxy Servers | Shared | n/a | The information system routes [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. Supplemental Guidance: External networks are networks outside of organizational control. A proxy server is a server (i.e., information system or application) that acts as an intermediary for clients requesting information system resources (e.g., files, connections, web pages, or services) from other organizational servers. Client requests established through an initial connection to the proxy server are evaluated to manage complexity and to provide additional protection by limiting direct connectivity. Web content filtering devices are one of the most common proxy servers providing access to the Internet. Proxy servers support logging individual Transmission Control Protocol (TCP) sessions and blocking specific Uniform Resource Locators (URLs), domain names, and Internet Protocol (IP) addresses. Web proxies can be configured with organization-defined lists of authorized and unauthorized websites. Related controls: AC-3, AU-2. | link | 1 |
| NIST_SP_800-53_R5 | SC-7(8) | NIST_SP_800-53_R5_SC-7(8) | NIST SP 800-53 Rev. 5 SC-7 (8) | System and Communications Protection | Route Traffic to Authenticated Proxy Servers | Shared | n/a | Route [Assignment: organization-defined internal communications traffic] to [Assignment: organization-defined external networks] through authenticated proxy servers at managed interfaces. | link | 1 |