The organisation’s IT systems are separated from OT systems through segmentation, either through physical means or logical means, at least in an ad hoc manner.
Context and Guidance: This is a minimal approach, ranging from firewalls to remote access servers (a.k.a. jump boxes). Segmentation is an architectural tactic that provides a first line of defense aimed at containing the spread of attacks and preventing traversal of bad actors across systems (e.g., Web-facing systems, IT systems, and OT systems). Segmentation may include separation, implementation of trust zones, implementation of demilitarised zones (DMZs), or other architectural tactics.
Related Practices
• Input From: Implementing ASSET-1c and ASSET-1d provides input that may be useful for implementing this practice.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ARCHITECTURE-2b, ARCHITECTURE-2d, ARCHITECTURE-2h, ARCHITECTURE-2i, ARCHITECTURE-2j, ARCHITECTURE-2l.