Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.IR-01.4: The organisation shall implement appropriate boundary protection measures to monitor and control communications at external and key internal boundaries of its critical systems, across both IT and OT environments, to ensure secure and reliable operations. |
|
PR.IR-01.4 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p133 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p92 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure secure and reliable operations by actively monitoring and controlling communications at key network boundaries — especially where critical systems interface with external networks or less trusted internal zones. In OT environments, where legacy systems often lack built-in security, boundary protection is essential to prevent unauthorised access, contain potential threats, and maintain process integrity across IT and OT domains. To achieve this goal, the following should be considered:
• Boundary Protection Devices: Firewalls, security gateways, and routers should be deployed at external and internal boundaries to enforce traffic filtering and routing policies. These devices should operate under a “deny by default, allow by exception” model.
• Zoning and Isolation in OT Environments: In OT environments, boundary protection should include strict separation between control systems and external networks. Zones should be defined based on criticality and trust, and communications between zones should be tightly controlled and monitored.
• Unidirectional Gateways (Data Diodes): Where data must flow from secure OT systems to external destinations (e.g. cloud services or regulators), unidirectional gateways should be used to prevent inbound threats while allowing outbound data transfer.
• Encrypted Communications: Communications across boundaries should be encrypted using secure protocols (e.g. VPNs, TLS) to protect data in transit and ensure confidentiality and integrity.
• Intrusion Detection and Prevention: Intrusion Detection and Prevention Systems (IDPS) should be deployed at key boundaries to monitor traffic for anomalies, detect unauthorised access attempts, and block malicious activity.
• Access Control Enforcement: Access to boundary devices and communication channels should be restricted to authorised personnel. Network Access Control (NAC) solutions should be considered to enforce device and user authentication at entry points.
• Continuous Monitoring and Patching: Boundary devices and communication channels should be continuously monitored for suspicious activity. All systems exposed to external or inter-zone communication should be regularly updated and patched to address known vulnerabilities. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.IR-01.4 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Boundary protection measures |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall implement appropriate boundary protection measures to monitor and control communications at external and key internal boundaries of its critical systems, across both IT and OT environments, to ensure secure and reliable operations. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
1 |
|
|
The number of triples associated with the subject. |
21 |
|
Specifies the dataset the subject is part of. |
Results 1 - 23 of 23
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1