{
    "type": "bundle",
    "id": "bundle--eecccda2-5dcf-4ef2-b90c-f06b677e531c",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-30T20:55:18.480Z",
            "name": "Network Segmentation",
            "description": "Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.  Restrict network access to only required systems and services. In addition, prevent systems from other networks or business functions (e.g., enterprise) from accessing critical process control systems. For example, in IEC 62443, systems within the same secure level should be grouped into a zone, and access to that zone is restricted by a conduit, or mechanism to restrict data flows between zones by segmenting the network. (Citation: IEC February 2019) (Citation: IEC August 2013)",
            "labels": [
                "IEC 62443-3-3:2013 - SR 5.1",
                "IEC 62443-4-2:2019 - CR 5.1",
                "NIST SP 800-53 Rev. 4 - AC-3"
            ],
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_domains": [
                "ics-attack"
            ],
            "x_mitre_version": "1.0",
            "x_mitre_attack_spec_version": "2.1.0",
            "type": "course-of-action",
            "id": "course-of-action--1e7ccfc0-94c8-496e-8d27-032120892291",
            "created": "2019-06-10T20:41:03.271Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/mitigations/M0930",
                    "external_id": "M0930"
                },
                {
                    "source_name": "IEC February 2019",
                    "description": "IEC 2019, February Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components Retrieved. 2020/09/25 ",
                    "url": "https://webstore.iec.ch/publication/34421"
                },
                {
                    "source_name": "IEC August 2013",
                    "description": "IEC 2013, August Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels Retrieved. 2020/09/25 ",
                    "url": "https://webstore.iec.ch/publication/7033"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ]
        }
    ]
}