CMMC v2.11 Practices

SC.L3-3.13.4e  

Reference: CMMC v2.11

Family: SC

Level Introduced: 3

Title: Isolation

Practice:
Employ physical isolation techniques or logical isolation techniques or both in organizational systems and system components.

Further Discussion:
For this requirement, organizations must identify the systems or enclaves that need to be isolated, then design and implement the isolation. The resulting isolation solutions are documented or referenced in the SSP. Documentation will be dependent on the design selected and may include a high level diagram, but specific details that may change on some frequency would be omitted. During an assessment, providing details such as subnet and VLAN implementation identifiers, internal boundary protection hardware and software, interface device functionality, and system configuration and Access Control List (ACL) settings will be useful.

Example
You are responsible for information security in your organization, which holds and processes CUI. You have decided to isolate the systems processing CUI by limiting all communications in and out of that enclave with cross-domain interface devices that implement access control [a]. Your security team has identified all the systems containing such CUI, documented network design details, developed network diagrams showing access control points, documented the logic for the access control enforcement decisions, described the interface and protocol to the identification and authentication mechanisms, and documented all details associated with the ACLs, including review, updates, and credential revocation procedures.

Potential Assessment Considerations
• Has the organization clearly identified where they use physical, logical, or both isolation techniques [a]?
• Can the organization describe the isolation techniques they have employed [a]?
• Has the organization deployed subnetting, internal firewalls, and VLANs to control packet flow between internal segments [a]?
• Does the organization employ metadata to inform isolation techniques [a]?

Source: CMMC v2.11