Security Requirements for 03.13.01 Boundary Protection

Managed interfaces include gateways, routers, firewalls, network-based malicious code analysis, virtualization systems, and encrypted tunnels implemented within a security architecture. Subnetworks that are either physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. Restricting or prohibiting interfaces within organizational systems includes restricting external web traffic to designated web servers within managed interfaces, prohibiting external traffic that appears to be spoofing internal addresses, and prohibiting internal traffic that appears to be spoofing external addresses.

  1. 03.13.01.a

    Monitor and control communications at external managed interfaces to the system and key internal managed interfaces within the system.

  2. 03.13.01.b

    Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

  3. 03.13.01.c

    Connect to external systems only through managed interfaces that consist of boundary protection devices arranged in accordance with an organizational security architecture.
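
The interface restrictions named in the discussion above (external web traffic only to designated web servers, no external traffic with internal source addresses, no internal traffic with external source addresses) can be expressed as a decision function for a boundary device. This is an added example, not part of the control text; the address plan, interface names, and the `evaluate` function are assumptions constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption): one internal range, one DMZ subnetwork
# that is logically separated from it, and two designated public web servers.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
DMZ_WEB_SERVERS = {ipaddress.ip_address("192.0.2.10"),
                   ipaddress.ip_address("192.0.2.11")}
WEB_PORTS = {80, 443}


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def evaluate(ingress, src, dst, dport):
    """Return (action, reason) for a packet seen on a managed interface.

    ingress is the interface the packet arrived on: "external" or "internal".
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    owned = INTERNAL_NETS + [DMZ_NET]

    if ingress == "external":
        # A source inside our own address space cannot legitimately arrive
        # from outside: treat it as spoofing an internal address.
        if _in_any(src, owned):
            return ("drop", "external traffic spoofing internal address")
        # External web traffic is restricted to the designated web servers.
        if dst in DMZ_WEB_SERVERS and dport in WEB_PORTS:
            return ("allow", "web traffic to designated DMZ web server")
        return ("drop", "external traffic not to a designated web server")

    if ingress == "internal":
        # A source outside the internal ranges cannot originate inside:
        # treat it as spoofing an external address.
        if not _in_any(src, INTERNAL_NETS):
            return ("drop", "internal traffic spoofing external address")
        return ("allow", "internal source leaving through managed interface")

    raise ValueError(f"unknown interface: {ingress}")


if __name__ == "__main__":
    # Constructed sample packets: (ingress, src, dst, dport)
    for pkt in [("external", "198.51.100.7", "192.0.2.10", 443),
                ("external", "10.1.2.3", "192.0.2.10", 443),
                ("external", "198.51.100.7", "10.0.0.5", 443),
                ("internal", "203.0.113.5", "198.51.100.7", 443)]:
        print(pkt, "->", evaluate(*pkt))
```

Logging the returned reason alongside each drop gives the monitoring record that 03.13.01.a asks for at the same point where the control decision is made.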