C-002 - Network Segmentation Enforcement
Objective
Limit lateral movement by enforcing strict separation between exposed, application and internal zones.
Type
Preventive
Scope
- Heaven ↔ Hell flows
- Internal network segmentation
Implementation
- Firewall rules restricting inter-zone communication
- Explicit allow rules only
- Separation of services across hosts (target)
Related Risks
Validation
- Network flow testing
- Firewall rule review
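Added example (not part of the original control record): one way to script the firewall rule review and a dry-run flow test against an exported rule set. The zone names come from the Objective; the rule tuple format, the ports, the sample rules and first-match evaluation are assumptions made for illustration.

```python
# Added example: rules and flows below are constructed, not exported from a real firewall.
from typing import NamedTuple

ZONES = {"exposed", "application", "internal"}  # zone names from the Objective
FIELDS = ("src", "dst", "proto", "port")

class Rule(NamedTuple):
    src: str
    dst: str
    proto: str
    port: str    # one port number as text, or "any"
    action: str  # "allow" or "deny"

def review(rules, default_action):
    """Return findings for anything that breaks 'explicit allow rules only'."""
    findings = []
    if default_action != "deny":
        findings.append("default action is not deny")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        wild = [f for f in FIELDS if getattr(r, f) == "any"]
        if wild:
            findings.append(f"rule {i}: allow with wildcard {','.join(wild)}")
        for zone in (r.src, r.dst):
            if zone != "any" and zone not in ZONES:
                findings.append(f"rule {i}: unknown zone {zone!r}")
    return findings

def decide(rules, default_action, src, dst, proto, port):
    """First-match verdict for one inter-zone flow (assumed firewall semantics)."""
    flow = (src, dst, proto, port)
    for r in rules:
        if all(getattr(r, f) in (v, "any") for f, v in zip(FIELDS, flow)):
            return r.action
    return default_action

def leaked_flows(rules, default_action, must_be_denied):
    """Flows the segmentation policy forbids but the rule set would pass."""
    return [f for f in must_be_denied if decide(rules, default_action, *f) == "allow"]

# Constructed sample rule set (hypothetical ports).
SAMPLE = [
    Rule("exposed", "application", "tcp", "8443", "allow"),
    Rule("application", "internal", "tcp", "5432", "allow"),
    Rule("application", "any", "tcp", "any", "allow"),  # too broad, gets flagged
]
# Constructed flows that should never pass between zones.
FORBIDDEN = [("exposed", "internal", "tcp", "5432"), ("application", "exposed", "tcp", "22")]

if __name__ == "__main__":
    print(review(SAMPLE, "deny"))
    print(leaked_flows(SAMPLE, "deny", FORBIDDEN))
```

The dry run only predicts what the rule set should do; live network flow testing is still needed to confirm the deployed firewall behaves the same way.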
Status
Planned
Owner
Ops