PR.IR-01: Networks and environments are protected from unauthorized logical access and usage


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Logically segment organization networks and cloud-based platforms according to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), and permit required communications only between segments

Ex2: Logically segment organization networks from external networks, and permit only necessary communications to enter the organization's networks from the external networks

Ex3: Implement zero trust architectures to restrict network access to each resource to the minimum necessary

Ex4: Check the cyber health of endpoints before allowing them to access and use production resources