question on security form

Mike Davis

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

dbeato

@mike-davis said in question on security form:

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

Looking for IDS, DMZ limit, VLANs, NCLs and so forth. FIrewall and Intrusion Prevention systems.
Based on
https://resources.trendmicro.com/rs/945-CXD-062/images/sans_top20_csc_trendmicro2016.pdf

Dashrender

Yeah, I wouldn't say it's limited to VLANs, but it's about limiting data access from one network to the next.

scottalanmiller

@mike-davis said in question on security form:

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

This is what happens when "IT Buyers" try to write technical docs.

This means nothing, nothing at all. This is monkies throwing words at a page. You can use VLANs to meet the requirements of the words, and that's likely the best course of action. Just be aware that there is no intent behind them, no intelligence strung this gibberish together, it's just BS to convince someone higher up that they could write words on paper.

momurda

@scottalanmiller said in question on security form:

@mike-davis said in question on security form:

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

This is what happens when "IT Buyers" try to write technical docs.

This means nothing, nothing at all. This is monkies throwing words at a page. You can use VLANs to meet the requirements of the words, and that's likely the best course of action. Just be aware that there is no intent behind them, no intelligence strung this gibberish together, it's just BS to convince someone higher up that they could write words on paper.

This is what I thought when I read that requirement. Just total gibberish words thrown down on paper. But Red Tape is Red Tape. G-man managers gotta eat to, apparently.

scottalanmiller

@momurda said in question on security form:

@scottalanmiller said in question on security form:

@mike-davis said in question on security form:

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

This is what happens when "IT Buyers" try to write technical docs.

This means nothing, nothing at all. This is monkies throwing words at a page. You can use VLANs to meet the requirements of the words, and that's likely the best course of action. Just be aware that there is no intent behind them, no intelligence strung this gibberish together, it's just BS to convince someone higher up that they could write words on paper.

This is what I thought when I read that requirement. Just total gibberish words thrown down on paper. But Red Tape is Red Tape. G-man managers gotta eat to, apparently.

Exactly, he needs to follow it, but needs to understand that there is no rhyme or reason.

Kelly

@mike-davis said in question on security form:

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

Most government security controls are based on NIST Special Publication 800-53 (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf). There is some guidance within that document itself to define what they're referring to with the control.