PR.IR-01: Networks and environments are protected from unauthorized logical access and usage
Implementation Examples
Ex1: Logically segment organization networks and cloud-based platforms according to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), and permit required communications only between segments
Ex2: Logically segment organization networks from external networks, and permit only necessary communications to enter the organization's networks from the external networks
Ex3: Implement zero trust architectures to restrict network access to each resource to the minimum necessary
Ex4: Check the cyber health of endpoints before allowing them to access and use production resources