800-53|SC-7(13)

Title

ISOLATION OF SECURITY TOOLS / MECHANISMS / SUPPORT COMPONENTS

Description

The organization isolates [Assignment: organization-defined information security tools, mechanisms, and support components] from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Supplemental

Physically separate subnetworks with managed interfaces are useful, for example, in isolating computer network defenses from critical operational processing networks to prevent adversaries from discovering the analysis and forensics techniques of organizations.

Reference Item Details

Related: SA-8, SC-2, SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

Name | Plugin | Audit Name
2.1 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker Community Edition v1.1.0 L1 Docker
2.1 Ensure network traffic is restricted between containers on the default bridge | Unix | CIS Docker v1.2.0 L1 Docker Linux
2.2.3 Restrict NTP server to loopback interface | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
2.2.3 Restrict NTP server to loopback interface | Unix | CIS Apple OSX 10.9 L1 v1.3.0
2.2.3 Restrict NTP server to loopback interface - interface ignore wildcard | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.2.3 Restrict NTP server to loopback interface - interface listen lo | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.2.3 Restrict NTP server to loopback interface - restrict lo | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS 15 L2 v4.0.1
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS 16 L2 v1.1.0
2.4.2 Set AAA 'source-interface' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | Cisco | CIS Cisco IOS 15 L2 v4.0.1
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | Cisco | CIS Cisco IOS 16 L2 v1.1.0
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | Cisco | CIS Cisco IOS 12 L2 v4.0.0
2.17 Bind swarm services to a specific host interface | Unix | CIS Docker 1.13.0 v1.0.0 L1 Docker
2.17 Bind swarm services to a specific host interface | Unix | CIS Docker 1.12.0 v1.0.0 L1 Docker
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions. | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
7.3 Ensure swarm services are binded to a specific host interface | Unix | CIS Docker Community Edition v1.1.0 L1 Docker
7.10 Ensure management plane traffic has been separated from data plane traffic | Unix | CIS Docker Community Edition v1.1.0 L2 Docker
7.10 Ensure that management plane traffic is separated from data plane traffic | Unix | CIS Docker v1.2.0 L2 Docker Linux
7.10 Ensure that management plane traffic is separated from data plane traffic | Unix | CIS Docker v1.2.0 L2 Docker Engine Enterprise
20.8 (L1) Ensure 'System is connected to the network only when necessary' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
Access Security - J-Web - Limit access to only authorized interfaces | Juniper | Juniper Hardening JunOS 12 Devices Checklist
Management interface | ArubaOS | ArubaOS CX 10.x Hardening Guide v1.0.0
NET0897 - RADIUS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0897 - RADIUS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0897 - RADIUS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0897 - RADIUS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0897 - TACACS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0897 - TACACS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0897 - TACACS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0897 - TACACS Authentication traffic does not use loopback interface. | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0899 - NTP traffic is not using loopback address | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0899 - NTP traffic is not using loopback address | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0899 - NTP traffic is not using loopback address | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0899 - NTP traffic is not using loopback address | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0900 - SNMP traffic does not use loopback | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0900 - SNMP traffic does not use loopback | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0900 - SNMP traffic does not use loopback | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0900 - SNMP traffic does not use loopback | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0901 - Netflow traffic is not using loopback | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0901 - Netflow traffic is not using loopback | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0901 - Netflow traffic is not using loopback | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0901 - Netflow traffic is not using loopback | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32
NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | Cisco | DISA STIG Cisco Infrastructure L3 Switch v8r29
NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | Cisco | DISA STIG Cisco Infrastructure Router v8r29
NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | Cisco | DISA STIG Cisco Perimeter Router v8r32