800-53|SC-7(22)

Title

SEPARATE SUBNETS FOR CONNECTING TO DIFFERENT SECURITY DOMAINS

Description

The information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.

Supplemental

Decomposition of information systems into subnets helps to provide the appropriate level of protection for network connections to different security domains containing information with different security categories or classification levels.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items


Name | Plugin | Audit Name
1.6.3 Create network segmentation using Network Policies | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L2
2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.5 v1.0.0 Level 1
6.5 Ensure subnets for the Web tier ELB are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.6 Ensure subnets for the Web tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.7 Ensure subnets for the App tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.8 Ensure subnets for the Data tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet1 | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet2 | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
BIND-9X-001005 - The host running a BIND 9.x implementation must use a dedicated management interface in order to separate management traffic from DNS specific traffic. | Unix | DISA BIND 9.x STIG v1r9
BIND-9X-001005 - The host running a BIND 9.x implementation must use a dedicated management interface in order to separate management traffic from DNS specific traffic. | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001006 - The host running a BIND 9.x implementation must use an interface that is configured to process only DNS traffic. | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001006 - The host running a BIND 9.x implementation must use an interface that is configured to process only DNS traffic. | Unix | DISA BIND 9.x STIG v1r9
NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'access-list IPV4_UPLINK_INGRESS_ACL permit 41)' | Cisco | DISA STIG Cisco Perimeter Router v8r32
NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'access-list IPV4_UPLINK_INGRESS_ACL permit 41)' | Cisco | DISA STIG Cisco Perimeter L3 Switch v8r32