E.3.7 Boundary protection
Control Details
Objective
Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system.
Definition
The enterprise should consider its trust boundaries and provide separation and isolation between development, test, and security assessment tools on the one hand and external networks or information systems on the other. Connections between them should pass only through managed interfaces consisting of boundary protection devices arranged in accordance with the organizational security architecture.
Assessment Questions
- How are development, test, and security assessment tools and operational environments separated and isolated from external networks or information systems, and from each other, as appropriate given the trust boundaries?
- How are trust boundaries considered, and how is the separation/isolation implemented?
- How is malicious behavior detection implemented and managed?