📢 New post: Is It Even in Your Boundary? CVE-2026-0257 and the Question a KEV Clock Asks First · 📝 Also fresh: 20x Is Permanent Now: The Rehearsal's Over, the Rules Land in June · 🚦 Beacon — the FedRAMP 20x KSI emitter — design partners open ✨ · 🆕 20x Hub: program reference, kept current · 🧪 Free tool: KSI Quick Check — paste, run, get the verdict

FedRAMP Controls / SC

SC-7(4) External Telecommunications Services

Family SC
Baselines moderate
Mapped KSIs 1

Control statement

(a) Implement a managed interface for each external telecommunication service;
    (b) Establish a traffic flow policy for each managed interface;
    (c) Protect the confidentiality and integrity of the information being transmitted across each interface;
    (d) Document each exception to the traffic flow policy with a supporting mission or business need and duration of that need;
    (e) Review exceptions to the traffic flow policy {{ insert: param, sc-07.04_odp }} and remove exceptions that are no longer supported by an explicit mission or business need;
    (f) Prevent unauthorized exchange of control plane traffic with external networks;
    (g) Publish information to enable remote networks to detect unauthorized control plane traffic from internal networks; and
    (h) Filter unauthorized control plane traffic from external networks.

Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is preserved in the catalog database.

Covered by these Key Security Indicators

KSITitleCategory
KSI-CNA-02Attack Surface
_Persistently_ ensure _machine-based_ _information resources_ have a minimal attack surface and that lateral movement is minimized if compromised.
Cloud Native Architecture