SC-7(20): Dynamic Isolation and Segregation

Control Family:

System and Communications Protection

Parent Control:

SC-7: Boundary Protection

CSF v1.1 References:

PR.AC-5
PR.DS-5
PR.PT-4
DE.CM-1

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-7(20): Dynamic Isolation / Segregation

Control Statement

Provide the capability to dynamically isolate [Assignment: organization-defined system components] from other system components.

Supplemental Guidance

The capability to dynamically isolate certain internal system components is useful when it is necessary to partition or separate system components of questionable origin from components that possess greater trustworthiness. Component isolation reduces the attack surface of organizational systems. Isolating selected system components can also limit the damage from successful attacks when such attacks occur.