CCI-001119

Isolate organization-defined information security tools, mechanisms, and support components from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Implementation Guidance

Determine if [SC-07(13)_ODP; information security tools, mechanisms, and support components to be isolated from other internal system components are defined] are isolated from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing boundary protection; system design documentation; system hardware and software; system architecture; system configuration settings and associated documentation; list of security tools and support components to be isolated from other internal system components; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with boundary protection responsibilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the isolation of information security tools, mechanisms, and support components].

The controls below (if any) were marked by NIST as being related to CCI-001119.