Segment and Separate

Objective

Segment and separate information based on sensitivity of information.

Key Considerations

• [ ] Develop a target network security design that considers segmentation via network security zones, in alignment with ITSG-22 and ITSG-38.
• [ ] Implement increased levels of protection for management interfaces.

Validation

• [ ] Confirm that department has a target network architecture diagram with appropriate segmentation between network zones.

Applicable Service Models

• IaaS, PaaS

References

1. SPIN 2017-01, subsection 6.2.4
2. CSE Top 10 #5
3. Refer to the network security zoning guidance in ITSG-22 and ITSG-38.
4. Related security controls: AC‑4, SC‑7, SC‑7(5)