CA-9: Internal System Connections
|CA-9a.||Authorizes internal connections of [Assignment: organization-defined information system components or classes of components] to the information system; and|
|CA-9b.||Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated.|
This control applies to connections between organizational information systems and (separate) constituent system components (i.e., intra-system connections) including, for example, system connections with mobile devices, notebook/desktop computers, printers, copiers, facsimile machines, scanners, sensors, and servers. Instead of authorizing each individual internal connection, organizations can authorize internal connections for a class of components with common characteristics and/or configurations, for example, all digital printers, scanners, and copiers with a specified processing, storage, and transmission capability or all smart phones with a specific baseline configuration.