SC-7(20)—Boundary Protection | Dynamic Isolation and Segregation
IL4 High
IL5
IL6
Control Description
Provide the capability to dynamically isolate organization-defined system components from other system components.
DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
Discussion
The capability to dynamically isolate certain internal system components is useful when it is necessary to partition or separate system components of questionable origin from components that possess greater trustworthiness. Component isolation reduces the attack surface of organizational systems. Isolating selected system components can also limit the damage from successful attacks when such attacks occur.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern the implementation of dynamic isolation and segregation?
- How are system and communications protection requirements defined and maintained?
- Who is responsible for configuring and maintaining the security controls specified in SC-7(20)?
Technical Implementation:
- How is dynamic isolation and segregation technically implemented in your environment?
- What systems, tools, or configurations enforce this protection requirement?
- How do you ensure that dynamic isolation and segregation remains effective as the system evolves?
- How is separation of duties or partitioning technically enforced?
Evidence & Documentation:
- What documentation demonstrates the implementation of SC-7(20)?
- Can you provide configuration evidence or system diagrams showing this protection control?
- What logs or monitoring data verify that this control is functioning correctly?