Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment.
Each network segment is separated by a (virtual) Firewall.
Best practices for Network Naming Security are followed.
Managed systems belong to one organisationally managed security domain.
Specification
DNS servers only allow zone transfers between authorised internal DNS servers.
DNSSEC is implemented for DNS zones owned by the organisation.
ISO 27001 & 27002:2022
A5.8,
A8.14,
A8.20,
A8.21,
A8.22,
A8.31
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.08 Infrastructure resource protection and availability
SM.11 Network security