
PL-8(1) Information Security Architecture

PBMM (P1)
Secret (P1)
Management

>Control Description

INFORMATION SECURITY ARCHITECTURE | DEFENCE-IN-DEPTH

(a) The organization designs its security architecture using a defence-in-depth approach that allocates organization-defined security safeguards to organization-defined locations and architectural layers; and

(b) The organization designs its security architecture using a defence-in-depth approach that ensures that the allocated security safeguards operate in a coordinated and mutually reinforcing manner.

>Supplemental Guidance

Organizations strategically allocate security safeguards (procedural, technical, or both) in the security architecture so that adversaries have to overcome multiple safeguards to achieve their objective. Requiring adversaries to defeat multiple mechanisms makes it more difficult to successfully attack critical information resources (i.e., increases adversary work factor) and also increases the likelihood of detection. The coordination of allocated safeguards is essential to ensure that an attack that involves one safeguard does not create adverse unintended consequences (e.g., lockout, cascading alarms) by interfering with another safeguard.

Placement of security safeguards is a key activity. Greater asset criticality or information value merits additional layering. Thus, an organization may choose to place anti-virus software at organizational boundary layers, email/web servers, notebook computers, and workstations to maximize the number of related safeguards adversaries must penetrate before compromising the information and information systems.
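As an added illustration (not part of the control text or any GC tooling), the checker below expresses the two enhancement requirements as an architecture review: (a) assets of higher criticality must be covered by safeguards at more distinct layers, and (b) safeguard pairs recorded as interfering (e.g. an account-lockout policy alongside an automated source-blocking rule, which together can lock out legitimate users) must be documented as coordinated. The criticality-to-layers table, the interference pairs and the sample allocation are all constructed assumptions.

```python
"""Review a safeguard allocation against PL-8(1) (a) and (b).

Constructed model: each asset has a criticality 1..3, each safeguard is
allocated to one architectural layer for that asset, and INTERFERENCE lists
safeguard pairs that can produce unintended consequences (lockout, cascading
alarms) unless their interaction has been explicitly coordinated.
"""
from collections import defaultdict

# Assumption: criticality drives how many distinct layers must cover an asset.
REQUIRED_LAYERS = {1: 1, 2: 2, 3: 3}

# Assumption: pairs that need a documented coordination decision (requirement b).
INTERFERENCE = {frozenset({"account-lockout", "auto-ip-block"})}


def required_layers(criticality):
    return REQUIRED_LAYERS[criticality]


def evaluate(assets, allocations, coordinated=frozenset()):
    """assets: {asset: criticality}; allocations: [(asset, layer, safeguard)].
    coordinated: set of frozenset pairs whose interaction is documented.
    Returns {asset: [finding, ...]}; an empty list means the asset complies."""
    layers = defaultdict(set)
    safeguards = defaultdict(set)
    for asset, layer, safeguard in allocations:
        layers[asset].add(layer)
        safeguards[asset].add(safeguard)
    findings = {}
    for asset, crit in assets.items():
        issues = []
        need, have = required_layers(crit), len(layers[asset])
        if have < need:  # requirement (a): layering scaled to criticality
            issues.append(f"(a) only {have} of {need} required layers covered")
        for pair in INTERFERENCE:  # requirement (b): coordinated safeguards
            if pair <= safeguards[asset] and pair not in coordinated:
                issues.append(f"(b) uncoordinated safeguards: {sorted(pair)}")
        findings[asset] = issues
    return findings


if __name__ == "__main__":
    # Constructed sample: a critical database and a low-value wiki.
    assets = {"crm-db": 3, "intranet-wiki": 1}
    allocations = [("crm-db", "boundary", "ngfw"), ("crm-db", "host", "av"),
                   ("crm-db", "host", "account-lockout"),
                   ("crm-db", "boundary", "auto-ip-block"),
                   ("intranet-wiki", "host", "av")]
    for asset, issues in evaluate(assets, allocations).items():
        print(asset, issues or "compliant")
```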

Related controls: SC-29, SC-36.
