IVS-08: Production / Non-Production Environments

Control Family:

Infrastructure & Virtualization Security

CSF v1.1 References:

PR.DS-5
PR.IP-2
PR.PT-3

PF v1.0 References:

CT.PO-P4
PR.DS-P5
PR.PT-P2

Threats Addressed:

Tampering
Repudiation
Elevation of Privilege
Lateral Movement

Control Statement

Production and non-production environments shall be separated to prevent unauthorized access or changes to information assets. Separation of the environments may include: stateful inspection firewalls, domain/realm authentication sources, and clear segregation of duties for personnel accessing these environments as part of their job duties.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4