Navigate

SC-7(13)

SC-7(13): Isolation of Security Tools, Mechanisms, and Support Components

Isolate [information security tools, mechanisms, and support components to be isolated from other internal system components are defined;] from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Supplemental

Physically separate subnetworks with managed interfaces are useful in isolating computer network defenses from critical operational processing networks to prevent adversaries from discovering the analysis and forensics techniques employed by organizations.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-7(13).

Control	Description
SC-2	Separate user functionality, including user interface services, from system management functionality.
SC-3	Isolate security functions from nonsecurity functions.

Enhancements

The controls below (if any) add on to the requirements of SC-7(13).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-7(13).

CCI	Definition
CCI-001119	Isolate organization-defined information security tools, mechanisms, and support components from other internal system components by implementing physically separate subnetworks with managed interfaces to other components of the system.
CCI-001120	Defines the information security tools, mechanisms, and support components to be isolated.