Boundary Protection | External Telecommunications Services
System and Communications Protection Policy for cloud.gov
at least annually
Implements a managed interface for each external telecommunication service.
18F establishes a traffic flow policy for each managed interface as AWS VPC security groups.
18F protects the confidentiality and integrity of the information being transmitted across each interface by using TLS for HTTP based connection.
18F documents each exception to the traffic flow policy with a supporting mission/business need and duration of that need.
18F reviews exceptions to the traffic flow policy at least annually and removes exceptions that are no longer supported by an explicit mission/business need.