WEB-02: Use of Demilitarized Zones (DMZ)

WEB-02 · Use of Demilitarized Zones (DMZ)

Control Description

Mechanisms exist to utilize a Demilitarized Zone (DMZ) to restrict inbound traffic to authorized Technology Assets, Applications and/or Services (TAAS) on certain services, protocols and ports.

Control Question

Assessment question for control validation

Does the organization utilize a Demilitarized Zone (DMZ) to restrict inbound traffic to authorized Technology Assets, Applications and/or Services (TAAS) on certain services, protocols and ports?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

MAD: WEB-02

Additional Metadata

Applicability (Process):

Errata & Additional Notes

- wordsmithed control - updated mapping CMMC Level 1 - updated mapping CMMC Level 2