800-53|SC-7(22)

Title

SEPARATE SUBNETS FOR CONNECTING TO DIFFERENT SECURITY DOMAINS

Description

The information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.

Supplemental

Decomposition of information systems into subnets helps to provide the appropriate level of protection for network connections to different security domains containing information with different security categories or classification levels.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

Name | Plugin | Audit Name
1.6.3 Create network segmentation using Network Policies | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L2
2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
2.3.10.7 Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only) | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
6.3 Ensure storage area network (SAN) resources are segregated properly | VMware | CIS VMware ESXi 6.5 v1.0.0 Level 1
6.5 Ensure subnets for the Web tier ELB are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.6 Ensure subnets for the Web tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.7 Ensure subnets for the App tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.8 Ensure subnets for the Data tier are created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet1 | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet2 | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1