[cabf_netsec] NIST Definitions re: physical and logical "zones"

Ben Wilson bwilson at mozilla.com
Mon Oct 4 15:33:02 UTC 2021

FWIW to help with looking at the "Zones" ballot and distinguishing between
physical and logical security, here are just a few NIST definitions from
https://csrc.nist.gov/glossary/.

Physically Isolated Network
A network that is not connected to entities or systems outside a physically
controlled space.  NIST SP 800-32 <https://doi.org/10.6028/NIST.SP.800-32>

internal network
A network where the establishment, maintenance, and provisioning of
security controls are under the direct control of organizational employees
or contractors. NIST SP 800-53 Rev. 5

external network
A network not controlled by the organization.  NIST SP 800-53 Rev. 5
<https://doi.org/10.6028/NIST.SP.800-53r5>, etc.

logical perimeter
A conceptual perimeter that extends to all intended users
of the system, both directly and indirectly connected, who receive output
from the system without a reliable human review by an appropriate
authority. The location of such a review is commonly referred to as an “air
gap”.  CNSSI 4009-2015

Physical or logical perimeter of a system. CNSSI 4009-2015
NIST SP 800-172 <https://doi.org/10.6028/NIST.SP.800-171r2>

boundary protection
Monitoring and control of communications at the
external interface to a system to prevent and detect malicious and other
unauthorized communications using boundary protection devices. NIST SP
800-53 Rev. 5 <https://doi.org/10.6028/NIST.SP.800-53r5>

security domain
An environment or context that includes a set of system
resources and a set of system entities that have the right to access the
resources as defined by a common security policy, security model, or
security architecture. See Security Domain.  NIST SP 800-53 Rev. 5
<https://doi.org/10.6028/NIST.SP.800-53r5> under domain

environment of operation
The physical surroundings in which an information system processes, stores,
and transmits information.   NIST SP 800-37 Rev. 2
<https://doi.org/10.6028/NIST.SP.800-37r2>, etc.
