SC-32 System Partitioning
Partition the system into sc-32_odp.01 residing in separate sc-32_odp.02 domains or environments based on sc-32_odp.03.
Parameter ID | Definition
---|---
sc-32_odp.01 | system components
sc-32_odp.02 | Selection (one):
sc-32_odp.03 | circumstances for the physical or logical separation of components
Baselines
- L
- M
- H
- P
Guidance
System partitioning is part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components. Physical separation options include physically distinct components in separate racks in the same room, critical components in separate rooms, and geographical separation of critical components. Security categorization can guide the selection of candidates for domain partitioning. Managed interfaces restrict or prohibit network access and information flow among partitioned system components.
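The guidance above ties two things together: security categorization (FIPS 199) guides which components belong in which domain, and managed interfaces are the only permitted paths for information flow between domains. The following is an added illustration of that check, not part of the NIST control text or any NIST tooling: it computes each component's FIPS 199 high-water mark, places components into domains by that categorization (one possible choice for sc-32_odp.03), and then audits a constructed list of flows for cross-domain traffic that does not pass through a declared managed interface. The component inventory, flow list, and managed-interface table are constructed sample data.

```python
"""Added SC-32 illustration: partition components into domains by FIPS 199
categorization and flag cross-domain flows that bypass a managed interface.
All inventory data below is constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# FIPS 199 impact levels, ordered so the high-water mark can be computed.
LEVELS = {"low": 0, "moderate": 1, "high": 2}


@dataclass(frozen=True)
class Component:
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def categorization(self) -> str:
        """FIPS 199 high-water mark: the highest impact level of the three objectives."""
        return max(self.confidentiality, self.integrity, self.availability,
                   key=LEVELS.__getitem__)


def assign_domains(components: List[Component]) -> Dict[str, str]:
    """Assumption for sc-32_odp.03: components are separated by categorization,
    so the domain name is simply the component's high-water mark."""
    return {c.name: c.categorization() for c in components}


def check_flows(domains: Dict[str, str],
                flows: List[Tuple[str, str]],
                managed_interfaces: Set[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (src, dst, src_domain, dst_domain) for every flow that crosses a
    domain boundary without a managed interface declared for that pair.
    Flows within one domain are not governed by this control and pass."""
    violations = []
    for src, dst in flows:
        sd, dd = domains[src], domains[dst]
        if sd != dd and (sd, dd) not in managed_interfaces:
            violations.append((src, dst, sd, dd))
    return violations


# Constructed sample inventory (hypothetical system).
SAMPLE_COMPONENTS = [
    Component("public-site", "low", "low", "low"),
    Component("web-frontend", "low", "moderate", "low"),
    Component("payroll-db", "high", "high", "moderate"),
]

# Constructed flows: (source component, destination component).
SAMPLE_FLOWS = [
    ("web-frontend", "payroll-db"),   # moderate -> high, via a managed interface
    ("public-site", "payroll-db"),    # low -> high, no managed interface declared
    ("public-site", "public-site"),   # intra-domain, not in scope
]

# Constructed managed-interface table: (source domain, destination domain).
MANAGED_INTERFACES = {("moderate", "high")}


def audit() -> List[Tuple[str, str, str, str]]:
    """Run the partition check over the sample data and return violations."""
    domains = assign_domains(SAMPLE_COMPONENTS)
    return check_flows(domains, SAMPLE_FLOWS, MANAGED_INTERFACES)


if __name__ == "__main__":
    for src, dst, sd, dd in audit():
        print(f"unmanaged cross-domain flow: {src} ({sd}) -> {dst} ({dd})")
```

In practice the flow list would come from firewall or network-policy exports and the managed-interface table from the boundary-protection inventory kept under SC-07; the point of the check is that any cross-domain path not in that table is a partitioning gap to investigate.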
References 2
- FIPS 199 National Institute of Standards and Technology (2004) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 199.
- IR 8179 Paulsen C, Boyens JM, Bartol N, Winkler K (2018) Criticality Analysis Process Model: Prioritizing Systems and Components. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8179.
Control Enhancements 1
Related controls 7
- AC-04 Information Flow Enforcement L M H P
- AC-06 Least Privilege L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SC-02 Separation of System and User Functionality L M H P
- SC-03 Security Function Isolation L M H P
- SC-07 Boundary Protection L M H P
- SC-36 Distributed Processing and Storage L M H P