Title

The IDPS must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions. (Cat II impact)

Discussion

Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions.

Check Content

Verify the IDPS is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions. If the IDPS is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding.

Fix Text

Configure the IDPS to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Additional Identifiers

Rule ID: SV-263664r991598_rule

Vulnerability ID: V-263664

Group Title: SRG-NET-000715

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.