6.8 Network segmentation
6.8.1. The relevant entities shall segment systems into networks or zones in accordance with the results of the risk assessment referred to in point 2.1. They shall segment their systems and networks from third parties’ systems and networks.
6.8.2. For that purpose, the relevant entities shall
(a) consider the functional, logical and physical relationship, including location, between trustworthy systems and services;
(b) apply the same security measures to all network and information systems in the same zone;
(c) grant access to a network or zone based on an assessment of its security requirements;
(d) keep all systems that are critical to the relevant entities operation or to safety in one or more secured zones;
(e) restrict access and communications between and within zones to those necessary for the operation of the relevant entities or for safety;
(f) separate the dedicated network for administration of network and information systems from the relevant entities’ operational network;
(g) segregate network administration channels from other network traffic;
(h) separate the production systems for the entities’ services from systems used in development and testing, including backups.
6.8.3. The relevant entities shall review and, where appropriate, update network segmentation at planned intervals and when significant incidents or significant changes to operations or risks
Navigieren Sie sicher durch die NIS2-Richtlinie!
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!