800-53|SC-7(21)

Title

ISOLATION OF INFORMATION SYSTEM COMPONENTS

Description

The organization employs boundary protection mechanisms to separate [Assignment: organization-defined information system components] supporting [Assignment: organization-defined missions and/or business functions].

Supplemental

Organizations can isolate information system components performing different missions and/or business functions. Such isolation limits unauthorized information flows among system components and also provides the opportunity to deploy greater levels of protection for selected components. Separating system components with boundary protection mechanisms provides the capability for increased protection of individual components and to more effectively control information flows between those components. This type of enhanced protection limits the potential harm from cyber attacks and errors. The degree of separation provided varies depending upon the mechanisms chosen. Boundary protection mechanisms include, for example, routers, gateways, and firewalls separating system components into physically separate networks or subnetworks, cross-domain devices separating subnetworks, virtualization techniques, and encrypting information flows among system components using distinct encryption keys.

Reference Item Details

Related: CA-9,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.6.3 Create network segmentation using Network PoliciesUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.6.4 Create network segmentation using Network PoliciesUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
1.6.4 Create network segmentation using Network PoliciesUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
2.1 Restrict network traffic between containersUnixCIS Docker 1.13.0 v1.0.0 L1 Docker
18.9.97.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.9.102.2.3 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.9.102.2.3 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.9.102.2.3 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' - EnabledWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.9.102.2.3 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' - EnabledWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.9.102.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.9.102.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.9.102.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.9.102.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.88.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
18.10.89.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.89.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
18.10.89.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
18.10.89.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS