SC-32 System Partitioning

System and Communications Protection

Description

Partition the system into [Assignment: organization-defined system components] residing in separate [Selection: physical; logical] domains or environments based on [Assignment: organization-defined circumstances for physical or logical separation of components].

Supplemental Guidance

System partitioning is part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components. Physical separation options include physically distinct components in separate racks in the same room, critical components in separate rooms, and geographical separation of critical components. Security categorization can guide the selection of candidates for domain partitioning.

Changes from Rev 4

No significant changes from Rev 4.

MITRE ATT&CK Techniques (1)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Reconnaissance 1

Compliance Mappings

ISO 27001:2022

A.8.22, A.8.27, A.8.31

ISO 27002:2022

8.22, 8.27, 8.31

CIS Controls v8

CIS 12.2, CIS 12.8, CIS 16.8, CIS 3.12, CIS 4.12

NIST CSF 2.0

PR.IR-01

FINOS CCC

CCC-C09

IEC 62443

3-3 SR 5.1

BSI IT-Grundschutz

NET.1.1

BIO2

8.22, 8.27, 8.31

RBI CSF

Annex1.4

HKMA TM-E-1

TME1.7.3

MLPS 2.0

8.1.2.18.2

DNB Good Practice

DNB.10.3

SWIFT CSCF

SWIFT.1.1

SAMA CSF

3.3

NCA ECC

2-3, 2-5, 5-1

UAE IA

T8

CBB TM

TM-8

Qatar NIA

CS

BoM CTRM

3.2

IOSCO Cyber Resilience

PROT-2

FFIEC IS

II.C.2

HIPAA Security Rule

§164.308(a)(4)(ii)(A), §164.314(b)(2)

SEBI CSCRF

PR.NS

BOT Cyber Resilience

Ch2.4

10 CFR 73.54

73.54(c)(1), 73.54(c)(2), RG5.71-A-SC

TSA Pipeline SD

SD-2 Sec A, SD-2 Sec F

DOE C2M2 v2.1

ARCHITECTURE

API 1164

Sec 5

AWIA

AWWA Sec 4

IAEA NSS 17-T

Sec 5.1

ISO 27799

13.1

NHS DSPT

NDG-9.2