You monitor, control, and protect communications at the edges of your CUI environment.
What it actually means
This is your firewall-and-segmentation control. Traffic at the external boundary (and key internal boundaries — like between your CUI enclave and the rest of the network) is monitored, filtered, and controlled. A defined, defended perimeter is what makes 'out of scope' actually mean something.
Pass or fail — an assessor needs a "yes" to each
- Firewalls/boundary devices control traffic at external and key internal boundaries.
- The CUI environment is segmented from out-of-scope networks.
- Boundary traffic is monitored.
What to have ready
- Network/data-flow diagram showing boundaries
- Firewall rule sets
- Segmentation between CUI and non-CUI networks
Where teams trip up
- Flat network with no segmentation around CUI
- Permissive firewall rules ('allow any')
- No monitoring at the boundary
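
A rule-set review can test for all three of these pitfalls mechanically. The script below is an added example, not part of the original page or any vendor's tooling; the enclave subnet, the rule format, and its field names are assumptions made up for illustration, so export your own firewall rules into a similar shape before using it.

```python
import ipaddress

# Assumed CUI enclave subnet (constructed value; replace with your own).
CUI_ENCLAVE = ipaddress.ip_network("10.20.0.0/24")

# Constructed, vendor-neutral rule set, evaluated top-down.
RULES = [
    {"id": 1, "action": "allow", "src": "10.10.0.0/16", "dst": "10.20.0.5/32", "port": "443", "log": True},
    {"id": 2, "action": "allow", "src": "any", "dst": "10.20.0.0/24", "port": "any", "log": False},
    {"id": 3, "action": "allow", "src": "10.20.0.0/24", "dst": "any", "port": "any", "log": True},
    {"id": 4, "action": "deny", "src": "any", "dst": "any", "port": "any", "log": False},
]

def net(value):
    """Map 'any' to 0.0.0.0/0 so every address field compares as a network."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def crosses_boundary(rule, enclave):
    """True when the rule can match traffic between the enclave and anything outside it."""
    src, dst = net(rule["src"]), net(rule["dst"])
    inbound = dst.overlaps(enclave) and not src.subnet_of(enclave)
    outbound = src.overlaps(enclave) and not dst.subnet_of(enclave)
    return inbound or outbound

def audit(rules, enclave):
    """Return (rule_id, finding) pairs for rules that touch the CUI boundary."""
    findings = []
    for r in rules:
        if not crosses_boundary(r, enclave):
            continue  # traffic entirely inside or entirely outside the enclave
        if r["action"] == "allow":
            for field in ("src", "dst", "port"):
                if r[field] == "any":
                    findings.append((r["id"], f"allow with {field}=any"))
        if not r["log"]:
            findings.append((r["id"], "boundary rule not logged"))
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny"
            and last["src"] == last["dst"] == last["port"] == "any"):
        findings.append((None, "no explicit default deny"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES, CUI_ENCLAVE):
        print(f"rule {rule_id}: {finding}")
```

Each finding maps back to a pitfall above: an "any" field on an allow rule is a permissive rule, an unlogged boundary rule is a monitoring gap, and a rule set with a single allow-any rule and no default deny is effectively a flat network.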