800-53|SC-7(20)

Title

DYNAMIC ISOLATION / SEGREGATION

Description

The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system.

Supplemental

The capability to dynamically isolate or segregate certain internal components of organizational information systems is useful when it is necessary to partition or separate certain components of dubious origin from those components possessing greater trustworthiness. Component isolation reduces the attack surface of organizational information systems. Isolation of selected information system components is also a means of limiting the damage from successful cyber attacks when those attacks occur.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker

Detections

Analytics