NET-06.4: Segregation From Enterprise Services

NET-06.4 · Segregation From Enterprise Services

Control Description

Mechanisms exist to isolate sensitive/regulated data enclaves (secure zones) from corporate-provided IT resources by providing enclave-specific IT services (e.g., directory services, DNS, NTP, ITAM, antimalware, patch management, etc.) to those isolated network segments.

Control Question

Assessment question for control validation

Does the organization isolate sensitive/regulated data enclaves (secure zones) from corporate-provided IT resources by providing enclave-specific IT services (e.g., directory services, DNS, NTP, ITAM, antimalware, patch management, etc.) to those isolated network segments?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

ESP Level 3: NET-06.4