Firewall / Net Seg
Manage network boundaries, segmentation, and filtering.
9 of 9 frameworks cover this control
Framework Mappings
How Firewall / Net Seg maps to each of the cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.IR-01 |
| ISO 27001 | Covered | A.8.20 A.8.21 A.8.22 |
| CIS v8 | Covered | CIS 9.2 CIS 9.3 CIS 12.2 |
| SOC 2 | Covered | CC6.1 CC6.6 |
| PCI DSS | Covered | 1.2.1 1.3.1 1.3.2 1.4.1 |
| CMMC | Covered | SC.L2-3.13.1 SC.L2-3.13.5 SC.L2-3.13.6 |
| 800-53 | Covered | SC-7 AC-4 |
| HIPAA | Covered | §164.312(e)(1) |
| GDPR | Covered | Art.32(1)(b) |
About Firewall / Net Seg
Firewall / Net Seg is a cybersecurity control in the Protect domain. Manage network boundaries, segmentation, and filtering. Firewalls and network segmentation are foundational network security controls that restrict traffic flow between network zones to limit the blast radius of a breach and prevent lateral movement. Implementation includes deploying perimeter firewalls, internal segmentation firewalls, and micro-segmentation to isolate sensitive environments like cardholder data environments, production systems, and management networks. Firewall rules should follow a default-deny approach, be reviewed at least semi-annually, and be documented with business justifications for each allowed traffic flow.
This control is recognized by 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all of them.