SC-7(22): Separate Subnets for Connecting to Different Security Domains

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Previous Version:

Control Statement

Implement separate network addresses to connect to systems in different security domains.

Supplemental Guidance

The decomposition of systems into subnetworks (i.e., subnets) helps to provide the appropriate level of protection for network connections to different security domains that contain information with different security categories or classification levels.