SC-7(13): Isolation of Security Tools, Mechanisms, and Support Components

Control Family:

System and Communications Protection

Parent Control:

SC-7: Boundary Protection

CSF v1.1 References:

PR.AC-5
PR.DS-5
PR.PT-4
DE.CM-1

Threats Addressed:

Information Disclosure
Elevation of Privilege
Lateral Movement

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-7(13): Isolation Of Security Tools / Mechanisms / Support Components

Control Statement

Isolate [Assignment: organization-defined information security tools, mechanisms, and support components] from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Supplemental Guidance

Physically separate subnetworks with managed interfaces are useful in isolating computer network defenses from critical operational processing networks to prevent adversaries from discovering the analysis and forensics techniques employed by organizations.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 7.1