Navigate

SC-32

SC-32: Information System Partitioning

The organization partitions the information system into [one of ] residing in separate physical domains or environments based on [one of ].

Supplemental

Information system partitioning is a part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components from physically distinct components in separate racks in the same room, to components in separate rooms for the more critical components, to more significant geographical separation of the most critical components. Security categorization can guide the selection of appropriate candidates for domain partitioning. Managed interfaces restrict or prohibit network access and information flow among partitioned information system components.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), Int-C

CSF Categories
PR.PT-4

Related Controls

The controls below (if any) were marked by NIST as being related to SC-32.

Control	Description
AC-4	The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [one of ].
SA-8	The organization applies information system security engineering principles in the specification, design, development, implementation, and modification of the information system.
SC-2	The information system separates user functionality (including user interface services) from information system management functionality.
SC-3	The information system isolates security functions from nonsecurity functions.
SC-7	The information system: a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b: Implements subnetworks for publicly accessible system components that are [one of "physically"/"logically"] separated from internal organizational networks; and c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Enhancements

The controls below (if any) add on to the requirements of SC-32.

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-32.

CCI	Definition
CCI-002504	Defines the system components into which the system is partitioned.
CCI-002505	Defines the circumstances under which the system components are to be physically or logically separated to support partitioning.
CCI-002506	Partition the system into organization-defined system components residing in separate physical or logical domains or environments based on organization-defined circumstances for physical or logical separation of components.