NIST 800-171 - Segregation in Networks (3.13.5)
Overview:
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Action Items:
3.13.5[a]
Determine if: publicly accessible system components are identified.
3.13.5[b]
Determine if: subnetworks for publicly accessible system components are physically or logically separated from internal networks.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1) Examine: System and communications protection policy; procedures addressing boundary protection; system security plan; list of key internal boundaries of the system; system design documentation; boundary protection hardware and software; system configuration settings and associated documentation; enterprise security architecture documentation; system audit logs and records; other relevant documents or records.
2) Interview: System or network administrators; personnel with information security responsibilities; system developer; personnel with boundary protection responsibilities.
3) Test: Mechanisms implementing boundary protection capability.
Related Documents (document name and content will vary by organization):
1) System and communications protection policy
2) procedures addressing boundary protection
3) system security plan
4) list of key internal boundaries of the system
5) system design documentation
6) boundary protection hardware and software
7) system configuration settings and associated documentation
8) enterprise security architecture documentation
9) system audit logs and records
10) other relevant documents or records
Additional Guidance:
Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. DMZs are typically implemented with boundary control devices and techniques that include, for example, routers, gateways, firewalls, virtualization, and/or cloud-based technologies. NIST Special Publication 800-41 provides guidance on firewalls and firewall policy. NIST Special Publication 800-125 provides guidance on security for virtualization technologies.
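The "Test" assessment method above asks for the boundary protection mechanism itself to be exercised, not only its documentation. The following is an added example, not part of NIST SP 800-171 or 800-171A, of how an assessor can express 3.13.5[b] as a repeatable check: a DMZ ruleset is evaluated against representative flows, and any flow that the ruleset allows from the public side or the DMZ into an internal network is reported unless it appears on a documented exception list. The subnet addressing, zone names, rule entries, first-match semantics and the exception tuple are all constructed for this example.

```python
"""Added example (not from NIST SP 800-171): probe-based check that a DMZ
ruleset actually separates publicly accessible components from internal
networks, as assessment objective 3.13.5[b] requires."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import Iterable, List, Tuple

# Constructed zone addressing (assumed for this example only).
DMZ = ip_network("192.0.2.0/24")       # publicly accessible system components
INTERNAL = ip_network("10.0.0.0/8")    # internal networks
ANY = ip_network("0.0.0.0/0")

def zone_of(addr: str) -> str:
    """Classify an address by the most specific constructed zone it falls in."""
    a = ip_address(addr)
    if a in DMZ:
        return "dmz"
    if a in INTERNAL:
        return "internal"
    return "public"

@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    dport: int        # destination port; 0 means any port
    action: str       # "allow" or "deny"

    def matches(self, src: IPv4Address, dst: IPv4Address, dport: int) -> bool:
        return src in self.src and dst in self.dst and self.dport in (0, dport)

def evaluate(ruleset: Iterable[Rule], src: str, dst: str, dport: int) -> str:
    """First-match evaluation with an implicit final deny (assumed semantics)."""
    s, d = ip_address(src), ip_address(dst)
    for rule in ruleset:
        if rule.matches(s, d, dport):
            return rule.action
    return "deny"

# Constructed weak design: DMZ hosts may initiate anything into the internal network.
WEAK_RULESET = [
    Rule(ANY, DMZ, 443, "allow"),
    Rule(DMZ, INTERNAL, 0, "allow"),
    Rule(ANY, ANY, 0, "deny"),
]

# Constructed hardened design: one documented exception, then explicit denies
# for every path into the internal network.
HARDENED_RULESET = [
    Rule(ANY, DMZ, 443, "allow"),
    Rule(ip_network("192.0.2.10/32"), ip_network("10.1.2.10/32"), 5432, "allow"),
    Rule(DMZ, INTERNAL, 0, "deny"),
    Rule(ANY, INTERNAL, 0, "deny"),
    Rule(ANY, ANY, 0, "deny"),
]

# Exceptions the system security plan documents (constructed): (src, dst, dport).
DOCUMENTED_EXCEPTIONS = {("192.0.2.10", "10.1.2.10", 5432)}

# Representative flows covering each zone pair (constructed probe set).
PROBES: List[Tuple[str, str, int]] = [
    ("203.0.113.5", "192.0.2.10", 443),   # public -> DMZ web server
    ("203.0.113.5", "10.1.2.10", 5432),   # public -> internal database
    ("192.0.2.10", "10.1.2.10", 5432),    # DMZ web server -> internal database
    ("192.0.2.10", "10.5.5.5", 445),      # DMZ web server -> internal file server
    ("192.0.2.99", "10.1.2.10", 5432),    # other DMZ host -> internal database
]

def find_violations(ruleset, probes=PROBES, exceptions=frozenset()):
    """Return allowed flows that cross from outside the internal network into it
    without a documented exception; an empty list means the probes found no
    separation failure."""
    violations = []
    for src, dst, dport in probes:
        if evaluate(ruleset, src, dst, dport) != "allow":
            continue
        if zone_of(dst) == "internal" and zone_of(src) != "internal" \
                and (src, dst, dport) not in exceptions:
            violations.append((src, dst, dport))
    return violations

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULESET), ("hardened", HARDENED_RULESET)):
        print(name, find_violations(rules, PROBES, DOCUMENTED_EXCEPTIONS))
```

Run against the weak ruleset the check reports the DMZ-to-file-server flow and the undocumented second host reaching the database; against the hardened ruleset it reports nothing, and the public-to-internal probe is denied in both. In practice the probe list is generated from the "list of key internal boundaries of the system" named in the examine objects, and the exception set is taken from the system security plan so the two stay in agreement.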