SC-32: Information System Partitioning

Control Family:

System And Communications Protection

Priority:

P0: Security control not selected in any baseline.

CSF v1.1 References:

PR.PT-4

Threats Addressed:

Lateral Movement

Baselines:

Low
N/A
Moderate
N/A
High
N/A

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-32: System Partitioning

Control Statement

The organization partitions the information system into [Assignment: organization-defined information system components] residing in separate physical domains or environments based on [Assignment: organization-defined circumstances for physical separation of components].

Supplemental Guidance

Information system partitioning is a part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components from physically distinct components in separate racks in the same room, to components in separate rooms for the more critical components, to more significant geographical separation of the most critical components. Security categorization can guide the selection of appropriate candidates for domain partitioning. Managed interfaces restrict or prohibit network access and information flow among partitioned information system components.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 4

Cloud Controls Matrix v3.0.1

Critical Security Controls Version 7.1