Network protections are defined and enforced for selected asset types according to asset risk and priority (for example, internal assets, perimeter assets, assets connected to the organisation’s Wi-Fi, cloud assets, remote access, and externally owned devices)
Context and Guidance: Network protections should be designed to enforce defined controls based on different asset types. The decision to implement stricter controls may be based on factors like the trust of certain asset types or the sensitivity of information that may be accessed by an asset type. For example, remote connections could present greater risk and would be subject to additional protections. Alternatively, IT assets that only operate on the internal network may be more trusted and therefore require less rigorous network protections.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ARCHITECTURE-2a, ARCHITECTURE-2c, ARCHITECTURE-2e, ARCHITECTURE-2f, ARCHITECTURE-2g, ARCHITECTURE-2k.