800-53|SC-7(13)

Title

ISOLATION OF SECURITY TOOLS / MECHANISMS / SUPPORT COMPONENTS

Description

The organization isolates [Assignment: organization-defined information security tools, mechanisms, and support components] from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Supplemental

Physically separate subnetworks with managed interfaces are useful, for example, in isolating computer network defenses from critical operational processing networks to prevent adversaries from discovering the analysis and forensics techniques of organizations.

Reference Item Details

Related: SA-8, SC-2, SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

Name | Plugin | Audit Name
2.1 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker Community Edition v1.1.0 L1 Docker
2.2.3 Restrict NTP server to loopback interface | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
2.2.3 Restrict NTP server to loopback interface | Unix | CIS Apple OSX 10.9 L1 v1.3.0
2.2.3 Restrict NTP server to loopback interface - interface ignore wildcard | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.2.3 Restrict NTP server to loopback interface - interface listen lo | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.2.3 Restrict NTP server to loopback interface - restrict lo | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | Cisco | CIS Cisco IOS 12 L2 v4.0.0
2.17 Bind swarm services to a specific host interface | Unix | CIS Docker 1.13.0 v1.0.0 L1 Docker
2.17 Bind swarm services to a specific host interface | Unix | CIS Docker 1.12.0 v1.0.0 L1 Docker
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions. | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
7.3 Ensure swarm services are binded to a specific host interface | Unix | CIS Docker Community Edition v1.1.0 L1 Docker
7.10 Ensure management plane traffic has been separated from data plane traffic | Unix | CIS Docker Community Edition v1.1.0 L2 Docker
20.8 (L1) Ensure 'System is connected to the network only when necessary' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
Access Security - J-Web - Limit access to only authorized interfaces | Juniper | Juniper Hardening JunOS 12 Devices Checklist
Management interface | ArubaOS | ArubaOS CX 10.x Hardening Guide v1.0.0
Out-of-Band Management port | ArubaOS | ArubaOS Switch 16.x Hardening Guide v1.0.0