The organization network must be segmented.
By segmenting the network, an organization reduces its attack surface. An attacker who compromises one host gains only limited visibility and access, which makes further steps such as lateral movement across the network considerably harder. Each network segment can have its own access controls and security policies, tailored to the specific needs and requirements of the systems and users within that segment. This allows fine-grained control over who can access which resources.
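As an added illustration of the point above (not part of the original requirement text), the following Python script models a segmented network as a default-deny allow-list between segments, audits constructed flow records against it, and renders the same policy as nftables rules. The segment names, address ranges, ports and sample flows are all assumptions chosen for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed segment map (illustrative private ranges, not taken from the page).
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "public-dmz": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "cardholder-db": ipaddress.ip_network("10.0.3.0/24"),
    "corp-workstations": ipaddress.ip_network("10.0.10.0/24"),
    "dev-test": ipaddress.ip_network("10.0.20.0/24"),
    "mgmt": ipaddress.ip_network("10.0.99.0/24"),
}

# Allow-list of inter-segment flows as (source segment, destination segment, TCP port).
# Any flow not listed here is denied: the policy between segments is default-deny.
ALLOWED_FLOWS: Set[Tuple[str, str, int]] = {
    ("public-dmz", "app", 443),               # web tier reaches the app tier over HTTPS only
    ("app", "cardholder-db", 5432),           # only the app tier may reach the database
    ("mgmt", "app", 22),                      # administration comes from the management segment
    ("mgmt", "cardholder-db", 22),
    ("corp-workstations", "public-dmz", 443),
}


def segment_of(ip: str) -> Optional[str]:
    """Return the name of the segment containing ip, or None if it lies outside every segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Apply the segmentation policy to a single flow."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # an endpoint outside every known segment is denied
    if src == dst:
        return True   # intra-segment traffic is left to host firewalls; out of scope here
    return (src, dst, dst_port) in ALLOWED_FLOWS


def audit(flow_lines: List[str]) -> List[Tuple[str, str, int, bool]]:
    """Parse 'src dst dst_port' records and attach the policy verdict to each one."""
    results = []
    for line in flow_lines:
        src_ip, dst_ip, port = line.split()
        results.append((src_ip, dst_ip, int(port), is_allowed(src_ip, dst_ip, int(port))))
    return results


def to_nftables(chain: str = "segmentation") -> List[str]:
    """Render the allow-list as nftables forward-chain rules with a default drop."""
    rules = [
        f"add chain inet filter {chain} {{ type filter hook forward priority 0; policy drop; }}",
        f"add rule inet filter {chain} ct state established,related accept",
    ]
    for src, dst, port in sorted(ALLOWED_FLOWS):
        rules.append(
            f"add rule inet filter {chain} ip saddr {SEGMENTS[src]} "
            f"ip daddr {SEGMENTS[dst]} tcp dport {port} accept"
        )
    return rules


# Constructed flow records in "src dst dst_port" form (not real traffic).
SAMPLE_FLOWS = [
    "10.0.1.15 10.0.2.8 443",     # DMZ -> app over HTTPS: allowed
    "10.0.2.8 10.0.3.4 5432",     # app -> database: allowed
    "10.0.1.15 10.0.3.4 5432",    # DMZ reaching the database directly: denied
    "10.0.20.7 10.0.3.4 5432",    # dev/test reaching production data: denied
    "10.0.10.22 10.0.2.8 22",     # workstation SSH into the app tier: denied
    "10.0.3.4 203.0.113.9 443",   # database host calling an address outside every segment: denied
]

if __name__ == "__main__":
    for src_ip, dst_ip, port, ok in audit(SAMPLE_FLOWS):
        print(f"{src_ip:>12} -> {dst_ip:>12}:{port:<5} {'ALLOW' if ok else 'DENY'}")
    print("\n".join(to_nftables()))
```

Running the audit over flow logs or firewall exports is a cheap way to check that the segmentation actually deployed matches the intended allow-list; every DENY verdict for traffic that was in fact observed is either a misconfiguration or a sign of movement between segments that the policy was meant to prevent.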
This requirement is verified in the following services:
- CIS-9_2. Use DNS filtering services
- CIS-3_12. Segment data processing and storage based on sensitivity
- CWE™-923. Improper restriction of communication channel to intended endpoints
- OWASP TOP 10-A5. Security misconfiguration
- OWASP TOP 10-A10. Server-side request forgery
- MITRE ATT&CK®-M1030. Network segmentation
- CMMC-SC_L1-3_13_5. Public-access system separation
- HITRUST CSF-01_m. Segregation in networks
- HITRUST CSF-09_m. Network controls
- ISO/IEC 27002-8_8. Management of technical vulnerabilities
- ISO/IEC 27002-8_23. Segregation in networks
- ISA/IEC 62443-RDF-5_1. Network segmentation
- NIST SSDF-PO_5_1. Implement and maintain secure environments for software development
- C2M2-9_2_b. Implement network protections for cybersecurity architecture
- PCI DSS-1_3_1. Inbound traffic to the cardholder data environment is restricted
- PCI DSS-1_3_2. Outbound traffic to the cardholder data environment is restricted
- SIG Lite-SL_88. Is development, test, and staging environment separate from the production environment?
- SIG Core-D_9_2. Asset and information management
- SIG Core-N_1_7. Network security
- CAPEC™-700. Network Boundary Bridging
- ISO/IEC 27001-8_8. Management of technical vulnerabilities
- ISO/IEC 27001-8_23. Segregation in networks
- Resolution SB 2021 2126-Art_26_11_l. Information Security