Compartmentalise

From The Secure Arc Wiki


Assertion

Sub-systems will be partitioned logically and isolated using physical devices and/or security controls

Rationale

In accordance with the Minimise Attack Surface and Defence in Depth principles, the Compartmentalise principle keeps a sub-system, or a logically grouped set of sub-systems, relatively self-contained so that the compromise of one does not imply the compromise of another.

Related References

Policies & Standards

NIST SP 800-27 - Engineering Principles for Information Technology Security

  • Section 3.3 - IT Security Principles
    • Principle 5 - Assume that external systems are insecure. The term information domain arises from the practice of partitioning information resources according to access control, need, and levels of protection required. Organizations implement specific measures to enforce this partitioning and to provide for the deliberate flow of authorized information between information domains. An external domain is one that is not under your control.

Standard of Good Practice for Information Security

  • Section CI2.1.3
    • Live environments should be segregated from development and acceptance testing activity by storing system utilities away from the live environment when not in use and by using different computer rooms, processors, domains and partitions.
  • Section CB4.2.3
    • Run the application on a dedicated computer, mainframe partition or virtual server (i.e. a partition on a server running virtualisation software)

Design Patterns

Firewalls, process isolation, virtualisation or other resource segregation, least-privileged accounts and least-privileged code are all examples of compartmentalising.
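Process isolation combined with least-privileged code, as an added example that is not part of this wiki page: an untrusted record is parsed in a separate child process that receives only an allow-listed environment and POSIX resource limits and is never handed the signing secret, so a parser failure (simulated here by an over-long field) is contained and the trusted parent keeps working. The function names, the worker source and the secret are constructed for the demonstration; running the worker under a separate least-privileged account, as the design patterns above suggest, is assumed out of scope because it needs elevated rights.

```python
import hashlib, hmac, json, os, subprocess, sys
try:
    import resource          # POSIX only; resource limits are skipped elsewhere
except ImportError:
    resource = None

SECRET = b"demo-signing-key-not-real"   # constructed; lives only in the trusted parent

# Source of the isolated worker: it parses the untrusted record and returns just the
# fields the trusted side needs, plus the environment variable names it can see.
WORKER_SRC = r"""
import json, os, sys
record = json.loads(sys.stdin.read())           # untrusted input is parsed here, not in the parent
if len(record.get("user", "")) > 32:
    raise ValueError("user field too long")     # simulated parser failure inside the compartment
print(json.dumps({"user": record["user"], "env_seen": sorted(os.environ)}))
"""

def limit_worker():
    # Cap CPU seconds and address space so a runaway parser cannot exhaust the host.
    for res, cap in ((resource.RLIMIT_CPU, 2), (resource.RLIMIT_AS, 1 << 30)):
        soft, hard = resource.getrlimit(res)
        if hard == resource.RLIM_INFINITY or cap < hard:
            resource.setrlimit(res, (cap, cap))

def parse_in_compartment(raw: bytes) -> dict:
    """Run the parser in a child with an allow-listed environment and resource limits."""
    env = {"PATH": os.environ.get("PATH", ""), "LANG": "C"}   # parent environment is not inherited
    try:
        proc = subprocess.run([sys.executable, "-c", WORKER_SRC], input=raw, env=env,
                              capture_output=True, timeout=10,
                              preexec_fn=limit_worker if resource else None)
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": "worker timed out"}
    if proc.returncode != 0:   # child failed; the parent is unaffected and reports the error
        lines = proc.stderr.decode(errors="replace").strip().splitlines()
        return {"ok": False, "error": lines[-1] if lines else f"worker exited {proc.returncode}"}
    return {"ok": True, **json.loads(proc.stdout)}

def sign(user: str) -> str:
    # Only the trusted side ever touches SECRET.
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def handle(raw: bytes) -> dict:
    result = parse_in_compartment(raw)
    if result["ok"]:
        result["sig"] = sign(result["user"])
    return result

if __name__ == "__main__":
    print(handle(b'{"user": "alice"}'))
    print(handle(b'{"user": "' + b"A" * 64 + b'"}'))   # worker fails, parent survives
```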
