PR.IR-01: Networks and environments are protected from unauthorized logical access and usage
Ex1: Logically segment organization networks and cloud-based platforms according to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), and permit required communications only between segments
Ex2: Logically segment organization networks from external networks, and permit only necessary communications to enter the organization’s networks from the external networks
Ex3: Implement zero trust architectures to restrict network access to each resource to the minimum necessary
Ex4: Check the cyber health of endpoints before allowing them to access and use production resources