adammontville opened this issue 5 years ago (status: Open)
What does it even mean to have an inventory of network boundaries? Does this include VLAN boundaries (are those even used anymore?), or the boundaries between network segments? I found this in the v7.1 document: "Setting up even a basic level of security segmentation across the network and protecting each segment with a proxy and a firewall will greatly reduce an intruder's access to the other parts of the network."
The language of the control also speaks to DMZs (i.e. boundaries between internal and external networks).
Interpretation: This sub-control is asking for an inventory of boundaries enforced by specific categories of network devices, which requires an inventory of the network devices and an inventory of the boundaries those devices implement.
I feel like UNCC's approach covers part of what we need, but not all of it - they seem to lack the inventory piece.
Basically, this metric intends to compare what's supposed to be a boundary device with what is actually discovered as a boundary device. It's that discovery that's the hard part.
Inputs:
Operations:
Measures:
Metrics:
Maintain an up-to-date inventory of all of the organization's network boundaries.
Measures
Metrics
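One way to make the comparison described in the issue concrete, as an added example that is not part of the issue thread or of any CIS material: take the declared inventory (the boundary devices and the segments each one sits between), infer boundaries from discovery data by treating any host with interfaces in two or more segments as a boundary device, and report what matches, what is declared but never seen, and what is seen but never declared. The device names, subnets, segment names and the two-column discovery format are all constructed for this example; a real run would feed it interface data from SNMP, a CMDB export or a multi-subnet scan.

```python
"""Reconcile a declared inventory of network boundaries with boundaries
inferred from discovery data.

Added example for the CIS sub-control discussion; every device name,
subnet and segment name below is constructed, not taken from any real
environment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Boundary:
    device: str               # hostname of the enforcing device
    kind: str                 # e.g. "firewall", "proxy", "router"
    segments: FrozenSet[str]  # the segments this device sits between


# Declared inventory (constructed): what the organization believes its
# boundaries are. fw-ot-01 is deliberately stale to show the "missing" case.
DECLARED: List[Boundary] = [
    Boundary("fw-edge-01", "firewall", frozenset({"internet", "dmz"})),
    Boundary("fw-core-01", "firewall", frozenset({"dmz", "corp"})),
    Boundary("proxy-01", "proxy", frozenset({"corp", "internet"})),
    Boundary("fw-ot-01", "firewall", frozenset({"corp", "ot"})),
]

# Segment catalogue (constructed): subnet -> segment name used in DECLARED.
# 192.0.2.0/24 is documentation space standing in for the upstream provider.
SEGMENTS = {
    ip_network("10.0.0.0/24"): "dmz",
    ip_network("10.1.0.0/16"): "corp",
    ip_network("10.2.0.0/24"): "ot",
    ip_network("192.0.2.0/24"): "internet",
}

# Discovery data (constructed): "<host> <interface address>", one line per
# interface observed on a host. lab-router is deliberately undocumented.
DISCOVERED_INTERFACES = """\
fw-edge-01 192.0.2.10
fw-edge-01 10.0.0.1
fw-core-01 10.0.0.2
fw-core-01 10.1.0.1
proxy-01 10.1.0.50
proxy-01 192.0.2.11
lab-router 10.1.5.1
lab-router 10.2.0.1
"""


def segment_of(addr: str) -> Optional[str]:
    """Map an interface address to its segment name, or None if unknown."""
    ip = ip_address(addr)
    for net, name in SEGMENTS.items():
        if ip in net:
            return name
    return None


def infer_boundaries(interface_lines: str) -> Dict[str, FrozenSet[str]]:
    """A host with interfaces in two or more segments is treated as a
    boundary device; the result maps host -> set of segments it joins."""
    seen: Dict[str, set] = {}
    for line in interface_lines.splitlines():
        if not line.strip():
            continue
        host, addr = line.split()
        seg = segment_of(addr)
        if seg is None:
            continue  # interface in an uncatalogued subnet; follow up separately
        seen.setdefault(host, set()).add(seg)
    return {h: frozenset(s) for h, s in seen.items() if len(s) >= 2}


def reconcile(declared: List[Boundary], discovered: Dict[str, FrozenSet[str]]) -> dict:
    """Compare the declared inventory with inferred boundaries and derive a
    coverage metric (share of declared boundaries confirmed as discovered)."""
    by_device = {b.device: b for b in declared}
    matched = {d for d in by_device if d in discovered and discovered[d] == by_device[d].segments}
    mismatched = {d for d in by_device if d in discovered and discovered[d] != by_device[d].segments}
    missing = set(by_device) - set(discovered)        # declared, never seen: stale inventory
    undocumented = set(discovered) - set(by_device)   # seen, never declared: unknown boundary
    coverage = len(matched) / len(by_device) if by_device else 1.0
    return {
        "matched": matched,
        "mismatched": mismatched,
        "missing": missing,
        "undocumented": undocumented,
        "coverage": coverage,
    }


if __name__ == "__main__":
    result = reconcile(DECLARED, infer_boundaries(DISCOVERED_INTERFACES))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The "mismatched" bucket catches a device that exists and is declared but sits between different segments than the inventory claims, which is a distinct defect from a stale entry and usually means the inventory was never updated after a re-cabling or re-addressing. The coverage figure is only as good as the segment catalogue: an interface in an uncatalogued subnet is silently skipped here, so in practice those addresses should be reported too.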