SB.11.004 Network Segmentation and zoning
Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment.
Each network segment is separated by a (virtual) Firewall.
Best practices for Network Naming Security are followed.
Managed systems belong to one organisationally managed security domain.
DNS servers only allow zone transfers between authorised internal DNS servers.
DNSSEC is implemented for DNS zones owned by the organisation.