System and Communications Protection

• The institution shall monitor, control, and protect communications (i.e., information transmitted or received by institutional systems) at the external and key internal boundaries of institutional digitalization systems.
• The institution shall use architectural designs, software development techniques, and systems engineering principles that promote effective information security within institutional digitalization systems.