SC-7(20): Dynamic Isolation / Segregation

Control Family:

System And Communications Protection

Parent Control:

SC-7: Boundary Protection

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-7(20): Dynamic Isolation and Segregation

Control Statement

The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system.

Supplemental Guidance

The capability to dynamically isolate or segregate certain internal components of organizational information systems is useful when it is necessary to partition or separate certain components of dubious origin from those components possessing greater trustworthiness. Component isolation reduces the attack surface of organizational information systems. Isolation of selected information system components is also a means of limiting the damage from successful cyber attacks when those attacks occur.