Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.IR-01.2: To safeguard critical systems, organisations shall implement network segmentation and segregation aligned with trust boundaries and asset criticality, thereby limiting threat propagation and enforcing strict access control |
|
PR.IR-01.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_BASIC_E_p38 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p131 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p91 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to limit the spread of cyber threats and enforce strict access control by implementing network segmentation and segregation based on trust boundaries and the criticality of systems. To implement this control, the following should be considered:
• Define Security Zones: Networks should be divided into distinct zones (e.g. office, production, guest, mobile). Traffic between zones should be monitored and controlled, for example using firewalls.
• Align Segmentation with Trust and Criticality: Segmentation should reflect which users and systems are trusted and how critical each asset is. Only essential communication between zones should be allowed, following the principle of least privilege.
• Avoid Flat Networks: Flat networks should be avoided, as compromising one system could expose the entire environment. Segmentation should help contain threats within a single zone.
• Separate IT and OT Environments: In environments with industrial systems (OT), office and production networks should be separated. Guest and mobile networks should not have direct access to internal office or production systems. Segmentation should follow the IEC 62443 standard, in particular requirements SR 5.1 to SR 5.3.
• Use VLANs with Caution: VLANs should be used only as part of a broader defence-in-depth strategy. They should not be relied on alone to meet Security Level 2 requirements under IEC 62443-3-3. VLANs should be combined with firewalls, access controls, and monitoring.
• Enforce Segmentation with Firewalls: Firewalls should be configured to block all traffic by default and allow only specific, approved connections. Segmentation and segregation should be enforced through well-maintained firewall rules, in line with control |
|
A general note, for any purpose. |
The goal of this control is to limit the spread of cyber threats and enforce strict access control by implementing network segmentation and segregation based on trust boundaries and the criticality of systems. To implement this control, the following should be considered:
- Define Security Zones: Networks should be divided into distinct zones (e.g. office, production, guest, mobile). Traffic between zones should be monitored and controlled, for example using firewalls.
- Align Segmentation with Trust and Criticality: Segmentation should reflect which users and systems are trusted and how critical each asset is. Only essential communication between zones should be allowed, following the principle of least privilege.
- Avoid Flat Networks: Flat networks should be avoided, as compromising one system could expose the entire environment. Segmentation should help contain threats within a single zone.
- Separate IT and OT Environments: In environments with industrial systems (OT), office and production networks should be separated. Guest and mobile networks should not have direct access to internal office or production systems. Segmentation should follow the IEC 62443 standard, in particular requirements SR 5.1 to SR 5.3.
- Use VLANs with Caution: VLANs should be used only as part of a broader defence-in-depth strategy. They should not be relied on alone to meet Security Level 2 requirements under IEC 62443-3-3. VLANs should be combined with firewalls, access controls, and monitoring.
- Enforce Segmentation with Firewalls: Firewalls should be configured to block all traffic by default and allow only specific, approved connections. Segmentation and segregation should be enforced through well-maintained firewall rules, in line with control |
|
A general note, for any purpose. |
<div><p>The goal of this control is to limit the spread of cyber threats and enforce strict access control by implementing network segmentation and segregation based on trust boundaries and the criticality of systems. To implement this control, the following should be considered:</p><ul><li>Define Security Zones: Networks should be divided into distinct zones (e.g. office, production, guest, mobile). Traffic between zones should be monitored and controlled, for example using firewalls.</li><li>Align Segmentation with Trust and Criticality: Segmentation should reflect which users and systems are trusted and how critical each asset is. Only essential communication between zones should be allowed, following the principle of least privilege.</li><li>Avoid Flat Networks: Flat networks should be avoided, as compromising one system could expose the entire environment. Segmentation should help contain threats within a single zone.</li><li>Separate IT and OT Environments: In environments with industrial systems (OT), office and production networks should be separated. Guest and mobile networks should not have direct access to internal office or production systems. Segmentation should follow the IEC 62443 standard, in particular requirements SR 5.1 to SR 5.3.</li><li>Use VLANs with Caution: VLANs should be used only as part of a broader defence-in-depth strategy. They should not be relied on alone to meet Security Level 2 requirements under IEC 62443-3-3. VLANs should be combined with firewalls, access controls, and monitoring.</li><li>Enforce Segmentation with Firewalls: Firewalls should be configured to block all traffic by default and allow only specific, approved connections. Segmentation and segregation should be enforced through well-maintained firewall rules, in line with control</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.IR-01.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Network segmentation and segregation |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
To safeguard critical systems, organisations shall implement network segmentation and segregation aligned with trust boundaries and asset criticality, thereby limiting threat propagation and enforcing strict access control |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
1 |
|
|
The number of triples associated with the subject. |
23 |
|
Specifies the dataset the subject is part of. |
Results 1 - 25 of 25
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1