CMMC Practice AC.4.023

Control information flows between security domains on connected systems.

Source

CMMC Version 1.02, pg. 76

Bold Coast Security Guidance

A further refinement of implementing network segmentation, or VLANs, this control is specific to placing data in different zone according to its classification. The examples specifically cite CUI as a good starting point, but there may be other classifications of data in your network which would benefit from segmentation. Common segmentation also may occur between development. test, and production areas if your facility writes and code or supports a website. In order to further restrict access, you should also set user permissions, on folders/files containing CUI, and not allow "everyone" to have access. For very sensitive data, the organization may also consider using multi-factor authentication to validate the user access to that data. To measure the effectiveness of this particular control, you should include the segmentation in a penetration test conducted by security personnel. These tests will simulate the actions of an unauthorized intruder trying to access the restricted segment where CUI is stored, from the lesser restricted segment. These are usually conducted annually, but you may determine they should take place more or less often, depending upon the outcome of a risk assessment.

Discussion From Source

DRAFT NIST SP 800-171B (MODIFIED) Organizations employ information flow control policies and enforcement mechanisms to control the flow of information between designated sources and destinations within systems and between connected systems. Flow control is based on the characteristics of the information and/or the information path. Enforcement occurs, for example, in boundary protection devices that employ rule sets or establish configuration settings that restrict system services; provide a packet- filtering capability based on header information; or provide message-filtering capability based on message content. Transferring information between systems in different security domains with different security policies introduces risk that the transfers violate one or more domain security policies. In such situations, information owners or stewards provide guidance at designated policy enforcement points between connected systems. Organizations mandate specific architectural solutions when required to enforce logical or physical separation between systems in different security domains. Enforcement includes prohibiting information transfers between connected systems; employing hardware mechanisms to enforce one-way information flows; and verifying write permissions before accepting information from another security domain or connected system.

References