SC-7(22): Separate Subnets For Connecting To Different Security Domains

Control Family:

System And Communications Protection

Parent Control:

SC-7: Boundary Protection

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-7(22): Separate Subnets for Connecting to Different Security Domains

Control Statement

The information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.

Supplemental Guidance

Decomposition of information systems into subnets helps to provide the appropriate level of protection for network connections to different security domains containing information with different security categories or classification levels.