Has your organization implemented network segmentation that separates different trust boundaries and platform types, with controlled communications between segments?
Explanation
Network segmentation involves dividing your network infrastructure into distinct zones based on security requirements, data sensitivity, and functional purposes.
This includes separating IT networks from operational technology (OT), IoT devices, guest networks, and other specialized environments, with firewall rules or access controls that permit only necessary traffic between segments.
Proper segmentation limits the potential impact of security breaches by containing them within a single segment rather than allowing lateral movement throughout the entire network.
Evidence of compliance could include network architecture diagrams showing segmentation boundaries, firewall rule documentation that defines permitted cross-segment communications, and configuration screenshots of network devices implementing the segmentation controls.
Implementation Example
Logically segment organization networks and cloud-based platforms according to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), and permit required communications only between segments
ID: PR.IR-01.260
Context
- Function
- PR: PROTECT
- Category
- PR.IR: Technology Infrastructure Resilience
- Sub-Category
- Networks and environments are protected from unauthorized logical access and usage
Related questions
- Has your organization implemented network segmentation to isolate internal networks from external networks, with controls that restrict inbound traffic to only necessary communications?
- Has your organization implemented a zero trust architecture that restricts network access to each resource based on the principle of least privilege?
- Does your organization perform endpoint health checks before allowing devices to access production resources?
- Has your organization implemented physical safeguards to protect equipment from environmental threats such as flooding, fire, wind, excessive heat, and humidity?
- Do you require service providers who operate systems on your behalf to implement protections against environmental threats and maintain adequate operating infrastructure?
- Has your organization implemented redundancy measures to eliminate single points of failure across all critical systems and infrastructure?

