11.7: Manage Network Infrastructure Through a Dedicated Network

Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.

Asset Type: Network

Security Function: Protect

Implementation Groups: 2, 3

Dependencies

  • None

Inputs

  1. List of management/administration paths for network infrastructure

Operations

  1. For each management path in Input 1, use a tool or process (which might be manual review) to determine if that management network connection is separate from all business (non-network management) network connections.

  2. Create a list (M1) of the management paths that are separate from all non-network management network connections, noting the type of network separation (VLAN, physical, etc.).

  3. Create a list (M2) of the management paths that do not have adequate separation from non-network management connections, noting the deviations.

Measures

  • M1 = List of network management paths that are adequately separated (compliant list)

  • M2 = List of network management paths that are not adequately separated (non-compliant list)

  • M3 = Count of adequately separated network management paths (count of M1)

  • M4 = Total count of network management paths (count of Input 1)

Metrics

Coverage

Metric: The ratio of adequately separated management paths to the total number of management paths.

Calculation: M3 / M4
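
The operations and the Coverage metric above, worked as an added Python example (not part of the CIS specification). The record fields, the separation rules in `classify`, and the sample inventory are assumptions of this example; substitute the criteria your organization uses for "adequate separation".

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class MgmtPath:
    """One entry of Input 1. Field names are assumptions of this example."""
    device: str
    dedicated_link: bool        # True: port/cabling used only for management
    mgmt_vlan: Optional[int]    # VLAN carrying management sessions, None if untagged
    business_vlans: frozenset   # VLANs carrying business traffic on the same link

def classify(path):
    """Operation 1: return (separation_type, deviation); exactly one is None."""
    if path.dedicated_link:
        if path.business_vlans:
            return None, "link marked dedicated but carries business VLANs"
        return "physical", None
    if path.mgmt_vlan is None:
        return None, "management traffic untagged on a shared link"
    if path.mgmt_vlan in path.business_vlans:
        return None, f"VLAN {path.mgmt_vlan} shared with business traffic"
    return "VLAN", None

def assess(paths):
    """Operations 2-3 and the Coverage metric (M3 / M4)."""
    m1, m2 = [], []
    for p in paths:
        sep, deviation = classify(p)
        if sep:
            m1.append((p.device, sep))        # compliant, with separation type
        else:
            m2.append((p.device, deviation))  # non-compliant, with deviation
    m3, m4 = len(m1), len(paths)
    coverage = m3 / m4 if m4 else None  # empty Input 1: metric is undefined
    return {"M1": m1, "M2": m2, "M3": m3, "M4": m4, "coverage": coverage}

# Constructed sample inventory (not real devices).
SAMPLE = [
    MgmtPath("core-sw-01", True, None, frozenset()),
    MgmtPath("dist-sw-02", False, 99, frozenset({10, 20})),
    MgmtPath("edge-rtr-03", False, 10, frozenset({10, 20})),
    MgmtPath("ap-ctrl-04", False, None, frozenset({30})),
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(key, value)
```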