3.13.5—System and Communications Protection - Derived
Derived Requirement
>Control Description
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
>Discussion
Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones (DMZs). DMZs are typically implemented with boundary control devices and techniques that include routers, gateways, firewalls, virtualization, or cloud-based technologies. [SP 800-41] provides guidance on firewalls and firewall policy. [SP 800-125B] provides guidance on security for virtualization technologies.
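As an added illustration (not part of the control text or any NIST publication), the following nftables ruleset shows the boundary-device side of a logically separated DMZ on a Linux router. Interface names (eth0 Internet, eth1 DMZ, eth2 internal), the DMZ web host 192.0.2.10 and the admin subnet 10.0.10.0/24 are assumed, constructed values; the point an assessor looks for is that no rule lets a new connection originate in the DMZ and reach the internal network.

```nftables
#!/usr/sbin/nft -f
# Added example: three-zone DMZ on a Linux router.
# Assumed (constructed) layout:
#   eth0 = Internet, eth1 = DMZ 192.0.2.0/24, eth2 = internal 10.0.0.0/8
flush ruleset

table inet dmz {
  chain forward {
    type filter hook forward priority 0; policy drop;

    # Replies to flows that were already permitted, in any direction
    ct state established,related accept
    ct state invalid drop

    # Internet -> DMZ: only the published service on the public web host
    iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport 443 ct state new accept

    # DMZ -> internal: never initiated from the DMZ; log so attempts are visible
    iifname "eth1" oifname "eth2" log prefix "dmz-to-internal-denied: " drop

    # Internal -> DMZ: management access only from the admin subnet over SSH
    iifname "eth2" oifname "eth1" ip saddr 10.0.10.0/24 tcp dport 22 ct state new accept

    # Internal -> Internet: ordinary outbound web traffic
    iifname "eth2" oifname "eth0" tcp dport { 80, 443 } ct state new accept

    # Everything else (including DMZ -> Internet egress not listed here) hits the drop policy
  }
}
```

After loading it, `nft list ruleset` shows the active policy; the logged `dmz-to-internal-denied` entries are the evidence that DMZ-originated traffic toward the internal network is being blocked rather than merely assumed absent.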
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern controlling mobile code execution?
- What procedures define approved mobile code technologies?
- Who approves mobile code usage and restrictions?
- How do you address JavaScript, ActiveX, Java, etc.?
- What governance ensures mobile code security?
Technical Implementation:
- What technical controls restrict mobile code execution?
- How do you implement browser security settings for mobile code?
- What application whitelisting controls mobile code?
- How do you sandbox or isolate mobile code execution?
- What monitoring detects unauthorized mobile code?
Evidence & Documentation:
- Can you provide mobile code usage policies?
- What browser configurations restrict mobile code?
- Can you demonstrate mobile code control implementation?
- What evidence shows mobile code execution is controlled?
- What audit findings verify mobile code compliance?