This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system.
NIST 800-53 (r4) Supplemental Guidance:
The capability to dynamically isolate or segregate certain internal components of organizational information systems is useful when it is necessary to partition or separate certain components of dubious origin from those components possessing greater trustworthiness. Component isolation reduces the attack surface of organizational information systems. Isolation of selected information system components is also a means of limiting the damage from successful cyber attacks when those attacks occur.
NIST 800-53 (r5) Discussion:
The capability to dynamically isolate certain internal system components is useful when it is necessary to partition or separate system components of questionable origin from components that possess greater trustworthiness. Component isolation reduces the attack surface of organizational systems. Isolating selected system components can also limit the damage from successful attacks when such attacks occur.
38North Guidance:
Meets Minimum Requirement:
Manually disconnect a system component's Virtual Network Interface Card (VNIC) from the network.
Modify the associated firewall and NACL rulesets to deny all ingress and egress connections to and from the isolated system component.
Best Practice:
For virtual machines (VMs), terminate the instance while preserving its boot volume. Launch a new instance and attach the preserved boot volume to it as a secondary block volume (not as the boot device) for troubleshooting and forensic review.
Take a snapshot or backup of the system component, then terminate or shut it down. Re-instantiate the component from the snapshot or backup inside an isolated sandbox environment.
Use software such as Guardicore or Splunk Phantom to dynamically isolate/quarantine system components based on behavioral analytics and predefined playbooks, respectively.
Unofficial FedRAMP Guidance:
Manual techniques for dynamically isolating/segregating system components may suffice.
Assessment Evidence:
Demonstration of isolating/segregating a system component via firewall/NACL modification.
Configuration settings of software components that provide dynamic isolation/segregation capability.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD