PL-08(01) Defense in Depth
Design the security and privacy architectures for the system using a defense-in-depth approach that:
(a) Allocates pl-08.01_odp.01 to pl-08.01_odp.02 ; and
(b) Ensures that the allocated controls operate in a coordinated and mutually reinforcing manner.
| Parameter ID | Definition |
|---|---|
| pl-08.01_odp.01 | controls |
| pl-08.01_odp.02 | locations and architectural layers |
Baselines
- L
- M
- H
- P
Guidance
Organizations strategically allocate security and privacy controls in the security and privacy architectures so that adversaries must overcome multiple controls to achieve their objective. Requiring adversaries to defeat multiple controls makes it more difficult to attack information resources by increasing the work factor of the adversary; it also increases the likelihood of detection. The coordination of allocated controls is essential to ensure that an attack that involves one control does not create adverse, unintended consequences by interfering with other controls. Unintended consequences can include system lockout and cascading alarms. The placement of controls in systems and organizations is an important activity that requires thoughtful analysis. The value of organizational assets is an important consideration in providing additional layering. Defense-in-depth architectural approaches include modularity and layering (see SA-8(3) ), separation of system and user functionality (see SC-2 ), and security function isolation (see SC-3).
Related controls 4
- SC-02 Separation of System and User Functionality L M H P
- SC-03 Security Function Isolation L M H P
- SC-29 Heterogeneity L M H P
- SC-36 Distributed Processing and Storage L M H P