IVS-08: Network Architecture Documentation

Control Statement

Identify and document high-risk environments.

Implementation Guidance

The documents or diagrams should include, but are not limited to, the details below:

  1. Architecture diagrams, security zone descriptions, and related policies
  2. All components (physical, logical)
  3. Hypervisors, workloads, hosts, and networks (physical, virtual), etc.
  4. Physical site details for each workload
  5. Traffic flow between various components
  6. All communication channels, including out-of-band communication channels
  7. Defined roles and responsibilities
  8. Security zones, workloads on each host, security levels for the workloads, etc.
  9. Dependencies between the different environments and how they impact the risk assessment

Auditing Guidance

  1. Examine the criteria for identifying high-risk environments.
  2. Examine the inventory of high-risk environments and the periodicity of review.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.