INFRA-19 Network Segmentation


What is INFRA-19 Network Segmentation Control?

The network segmentation control ensures that your organization has divided its network into multiple segments so that traffic flow between them can be controlled. Segmentation can be used to improve monitoring, performance, and security.
Segmentation helps prevent unauthorized users from reaching sensitive data, because a user or system in one segment cannot reach another segment unless a rule explicitly allows it.
Segmentation is widely used in Zero Trust architectures, where virtual firewalls automate security provisioning between segments.
There is no specific requirement for the type of segmentation.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

VMware NSX
Cisco Secure Workload

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control implementation

To implement this control, note that there is no requirement for the type of segmentation. You need to demonstrate and prove that segmentation is in place to pass this control.

For automated implementation,

  1. Install a tool.

For manual implementation,

Network segmentation can be considered along with the following best practices:

  1. Follow the principle of least privilege.
  2. Limit third-party access.
  3. Audit and monitor your network.
  4. Make legitimate paths easier to access than illegitimate ones.
  5. Combine similar network resources.
  6. Don’t over-segment.
  7. Visualize your network.
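The practices above can be checked mechanically against a segment-to-segment rule set. The following is an added example, not TrustCloud's code or any vendor's tool: it models a three-zone design (the zone names, rules, and allowlist are constructed sample data) and flags rules that break least privilege or give a third party more than an explicit allowlist, while also rendering the cross-segment rules as a plain table of the kind an auditor asks for.

```python
# Added example (not TrustCloud's code): models a segmented network as allow
# rules between zones and checks two of the best practices listed above:
# least privilege and limited third-party access. Zone names, rules and the
# allowlist are constructed sample data, not taken from the page.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str   # source zone
    dst: str   # destination zone
    port: str  # "any" or a single TCP/UDP port, as a string


# Constructed sample ruleset for a DMZ / INTERNAL / VENDOR design.
SAMPLE_RULES = [
    Rule("DMZ", "INTERNAL", "5432"),    # web tier -> database, one port only
    Rule("VENDOR", "INTERNAL", "any"),  # third party with blanket access: finding
    Rule("INTERNAL", "DMZ", "443"),
    Rule("DMZ", "DMZ", "any"),          # intra-zone traffic crosses no boundary
]

# Zones owned by outside parties; they may only use an explicit allowlist.
THIRD_PARTY_ZONES = {"VENDOR"}
THIRD_PARTY_ALLOWLIST = {("VENDOR", "INTERNAL", "8443")}


def audit_segmentation(rules):
    """Return (rule, reason) findings for rules that violate the practices."""
    findings = []
    for r in rules:
        if r.src == r.dst:
            continue  # same zone on both sides: not a segmentation boundary
        if r.port == "any":
            findings.append((r, "cross-segment rule permits any port (least privilege)"))
        if r.src in THIRD_PARTY_ZONES and (r.src, r.dst, r.port) not in THIRD_PARTY_ALLOWLIST:
            findings.append((r, "third-party zone reaches a destination outside its allowlist"))
    return findings


def evidence_table(rules):
    """Render cross-segment rules as a plain-text table for the evidence file."""
    lines = ["SOURCE      DESTINATION PORT"]
    for r in rules:
        if r.src != r.dst:
            lines.append(f"{r.src:<11} {r.dst:<11} {r.port}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(evidence_table(SAMPLE_RULES))
    for rule, reason in audit_segmentation(SAMPLE_RULES):
        print(f"FINDING: {rule} -> {reason}")
```

Run against a rule set exported from your own firewall or cloud security groups (after mapping its fields onto `Rule`), the table is the configuration evidence and an empty findings list shows the practices are followed.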

What evidence do auditors look for?

Most auditors, at a minimum, look for the following suggested action:

  1. Configuration settings for your network segmentation

Evidence example

For the suggested action, an example is provided below:

  1. Configuration settings of your network segmentation (diagram and configuration settings).
    The following screenshot shows the DMZ.
    [Screenshot: INFRA 19 Network Segmentation 01]
    The following configuration screenshot is not related to the diagram above. It is a visual representation of the type of screenshot to capture for a configuration setting.
    [Screenshot: INFRA 19 Network Segmentation 02]
