Segregation in Networks. Groups of information services, users, and information systems shall be segregated on networks. Supplier shall implement and maintain security gateways which include but are not limited to firewalls and intrusion detection or protection systems which will forward event data and security alerts to a centralized XXXX system for analysis, reporting, and incident response. Supplier shall perform firewall configuration and Access Control List reviews on a regular basis, but not less often than monthly, to ensure appropriate controls and configurations are applied to limit traffic to only what is required for business operations, shall be used between internal network, external networks, and any demilitarized zone (DMZ).
Segregation in Networks ensure the network is segregated appropriately to facilitate effective information security. This may relate to separate network domains based on entity, location, workgroup or technology considered less trusted;
