Network Security Controls (PS-08-027)
Issue Date: 3/20/2008
Effective Date: 3/20/2008
Review Date: 12/1/2020
IT networks logically and physically extend data, processing and communication across the organization and beyond organizational boundaries. Security of IT networks is a critical element of an organization’s information security infrastructure and of obtaining and maintaining established security objectives.
To reduce the risk of a successful and possibly very costly compromise of a network, adequate network security requires the proper combination of security policies, procedures, and personnel, as well as technical and operational controls, applied in a defense-in-depth approach.
This policy requires each agency to establish multiple layers of network security controls along with network security best practices for State information systems to minimize the risks of attack or compromise while providing acceptable functionality and performance.
Agencies shall implement a defense-in-depth strategy and network security best practices for securing the information technology networks that they operate. These strategies shall protect the network communications and infrastructure and the network boundary, and shall control the flow of information and access to the computing environment (hosts/servers/applications/data, etc.) while still providing acceptable functionality and performance.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
TERMS and DEFINITIONS
Defense-in-Depth – An Information Assurance (IA) “best practices” strategy for protecting networked environments in which multiple layers of security defenses (policy, personnel, technology and operations) are placed throughout a network infrastructure to protect internal data, systems, networks, and users, such that if one mechanism fails, another will already be in place to continue to protect the assets.