SC-7(22): Separate Subnets For Connecting To Different Security Domains

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.

Supplemental Guidance

Decomposition of information systems into subnets helps to provide the appropriate level of protection for network connections to different security domains containing information with different security categories or classification levels.