800-53|SC-7(20)

Title

DYNAMIC ISOLATION / SEGREGATION

Description

The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system.

Supplemental

The capability to dynamically isolate or segregate certain internal components of organizational information systems is useful when it is necessary to partition or separate certain components of dubious origin from those components possessing greater trustworthiness. Component isolation reduces the attack surface of organizational information systems. Isolation of selected information system components is also a means of limiting the damage from successful cyber attacks when those attacks occur.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

Name | Plugin | Audit Name
JUNI-RT-000300 - The Juniper perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | Juniper | DISA STIG Juniper Router RTR v2r2
JUNI-RT-000300 - The Juniper perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | Juniper | DISA STIG Juniper Router RTR v1r4
JUNI-RT-000880 - The Juniper multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed - policy-options | Juniper | DISA STIG Juniper Router RTR v1r4
JUNI-RT-000880 - The Juniper multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed - policy-options | Juniper | DISA STIG Juniper Router RTR v2r2
NET-MCAST-009 - Ensure that boundaries are established at the enclave perimeter for all administrative scoped multicast traffic. | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET-MCAST-010 - Ensure that multicast routers are configured to establish boundaries for Admin-local or Site-local scope multicast traffic. | Juniper | DISA STIG Juniper Infrastructure Router V8R29
NET-MCAST-010 - Ensure that multicast routers are configured to establish boundaries for Admin-local or Site-local scope multicast traffic. | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0166 - The AG network service provider IP addresses are not redistributed into or advertised to the NIPRNet - EIGRP | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0166 - The AG network service provider IP addresses are not redistributed into or advertised to the NIPRNet - OSPF | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0166 - The AG network service provider IP addresses are not redistributed into or advertised to the NIPRNet - RIP | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0986 - The routes from the two IGP domains are redistributed to each other - from protocol | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0986 - The routes from the two IGP domains are redistributed to each other - policy-options | Juniper | DISA STIG Juniper Infrastructure Router V8R29
NET0986 - The routes from the two IGP domains are redistributed to each other - protocols export | Juniper | DISA STIG Juniper Perimeter Router V8R32
NET0986 - The routes from the two IGP domains are redistributed to each other - protocols export | Juniper | DISA STIG Juniper Infrastructure Router V8R29