Segment the organization network
Summary
The organization network must be segmented.
Description
By segmenting the network, an organization reduces its attack surface: an attacker who compromises one host has limited visibility of, and access to, the rest of the network, which makes lateral movement across it considerably harder. Each segment can have its own access controls and security policies, tied to the specific needs and requirements of the systems and users within it, giving fine-grained control over who can access which resources. Traffic between segments should be denied by default and only the flows a segment actually needs allowed, in both directions: a permissive outbound rule from a sensitive segment is as useful to an attacker as a permissive inbound one.
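To make the effect of segmentation concrete, the following added example (not part of the Fluid Attacks requirement text, and not a Fluid Attacks tool) models a small network as segments with a default-deny inter-segment policy and computes which segments an attacker with a foothold in one segment could still reach by lateral movement. The segment names, CIDRs, ports and rules are constructed for illustration; the comparison with a flat (unsegmented) network and the transitive reach through permitted flows are the points worth noticing.

```python
"""
Added example: model a segmented network with a default-deny inter-segment
policy and compute the lateral-movement blast radius from a compromised
segment. Segment names, CIDRs and rules are constructed for illustration.
"""
import ipaddress
from collections import deque

# Constructed topology: four segments and their address ranges.
SEGMENTS = {
    "dmz":  ipaddress.ip_network("10.0.1.0/24"),
    "app":  ipaddress.ip_network("10.0.2.0/24"),
    "db":   ipaddress.ip_network("10.0.3.0/24"),
    "corp": ipaddress.ip_network("10.0.4.0/24"),
}

# Segmented policy, default deny: only these (src, dst, port) flows pass.
SEGMENTED_POLICY = [
    ("dmz", "app", 8443),   # reverse proxies reach the application tier
    ("app", "db", 5432),    # application tier reaches the database
    ("corp", "dmz", 443),   # staff browse the public-facing service
]

# Flat network for comparison: every segment can reach every other on any port.
FLAT_POLICY = [(s, d, None) for s in SEGMENTS for d in SEGMENTS if s != d]


def segment_of(ip):
    """Return the name of the segment containing `ip`, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(policy, src_ip, dst_ip, port):
    """Decide a single flow under `policy` (port None in a rule means any port)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False            # unknown address: deny by default
    if src == dst:
        return True             # intra-segment traffic; host firewalls are the next layer
    return any(s == src and d == dst and (p is None or p == port)
               for s, d, p in policy)


def reachable_segments(policy, start):
    """Breadth-first search over permitted flows: segments reachable from `start`.

    A segment counts as reachable even if only one port is allowed into it,
    since a single exposed service is enough for an attacker to pivot.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for s, d, _ in policy:
            if s == cur and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen - {start}


if __name__ == "__main__":
    for name in SEGMENTS:
        print(f"foothold in {name:4}: flat -> {sorted(reachable_segments(FLAT_POLICY, name))}, "
              f"segmented -> {sorted(reachable_segments(SEGMENTED_POLICY, name))}")
    print("dmz -> db on 5432 allowed?", is_allowed(SEGMENTED_POLICY, "10.0.1.10", "10.0.3.10", 5432))
    print("app -> db on 5432 allowed?", is_allowed(SEGMENTED_POLICY, "10.0.2.10", "10.0.3.10", 5432))
```

Running it shows that a compromised database host reaches nothing else under the segmented policy, whereas in the flat network it reaches every segment. It also shows the caveat: a foothold in the DMZ can still reach the database transitively through the application tier, so the allowed flows between adjacent segments, not just the segment boundaries themselves, define the real blast radius.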
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CIS-9_2. Use DNS filtering services
- CIS-3_12. Segment data processing and storage based on sensitivity
- CWE™-923. Improper restriction of communication channel to intended endpoints
- OWASP TOP 10-A5. Security misconfiguration
- OWASP TOP 10-A10. Server-side request forgery
- MITRE ATT&CK®-M1030. Network segmentation
- CMMC-SC_L1-3_13_5. Public-access system separation
- HITRUST CSF-01_m. Segregation in networks
- HITRUST CSF-09_m. Network controls
- ISO/IEC 27002-8_8. Management of technical vulnerabilities
- ISO/IEC 27002-8_23. Segregation in networks
- ISA/IEC 62443-RDF-5_1. Network segmentation
- NIST SSDF-PO_5_1. Implement and maintain secure environments for software development
- C2M2-9_2_b. Implement network protections for cybersecurity architecture
- PCI DSS-1_3_1. Inbound traffic to the cardholder data environment is restricted
- PCI DSS-1_3_2. Outbound traffic to the cardholder data environment is restricted
- SIG Lite-SL_88. Is development, test, and staging environment separate from the production environment?
- SIG Core-D_9_2. Asset and information management
- SIG Core-N_1_7. Network security
- CAPEC™-700. Network Boundary Bridging
- ISO/IEC 27001-8_8. Management of technical vulnerabilities
- ISO/IEC 27001-8_23. Segregation in networks
- Resolution SB 2021 2126-Art_26_11_l. Information Security
- NIST CSF-PR_IR-01. Networks and environments are protected from unauthorized logical access and usage