Preface on Sub-Controls 12.1 and 12.4

Both of these sub-controls are supported by first having a good network discovery process. Tenable Security Center helps customers gain a more accurate understanding of the systems active within their environment. As the systems are identified and the security team moves from the Discover to the Assess phase, the team begins to understand what normal is and gains an understanding of which traffic is authorized. At the completion of these two steps, the security team is ready to start progressing in Sub-Control 12.1 by taking inventory of all the networks and establishing a baseline of traffic patterns. As the team analyzes (the third step in the life cycle) the previously collected data, a fundamental pattern should emerge and the authorized traffic can be documented.

When documenting the inventory, the organization should consider the following key items for traffic classification:

  • What Classless Inter-Domain Routing (CIDR) boundaries are used, and how do they map to VLANs?

  • Who are the primary users or operators in the subnet or network segment?

  • What traffic is normal for the segment?

  • Are there services running in the network segment?

  • Where are the network access controls in relation to the network segment?
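As an added example (not from the page and not Tenable's own code), the following Python script records the answers to these questions as a segment inventory, with CIDR boundaries mapped to VLAN ids, the primary users, the services expected in each segment and the access control fronting it, and then checks constructed flow records against a documented traffic policy so that anything outside the baseline is flagged for review. All CIDRs, VLAN ids, owners, policy entries and sample flows are constructed placeholders.

```python
"""Segment inventory and traffic-baseline check (illustrative, constructed data)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Segment:
    name: str
    cidr: ipaddress.IPv4Network
    vlan: int
    owners: str                                    # primary users/operators of the segment
    services: dict = field(default_factory=dict)   # {(proto, port): description} expected here
    access_control: str = ""                       # where the network access control sits


# Constructed (hypothetical) inventory; CIDRs, VLAN ids and owners are placeholders.
INVENTORY = [
    Segment("user-lan", ipaddress.ip_network("10.10.0.0/22"), 110, "office staff",
            {}, "core firewall, VLAN 110 ACL"),
    Segment("server-dmz", ipaddress.ip_network("10.20.5.0/24"), 205, "web ops",
            {("tcp", 443): "https", ("tcp", 22): "ssh-admin"}, "edge firewall"),
    Segment("db-tier", ipaddress.ip_network("10.20.6.0/24"), 206, "database team",
            {("tcp", 5432): "postgres"}, "internal firewall"),
]

# Documented traffic policy (constructed): (source segment, destination segment, proto, port).
POLICY = {
    ("user-lan", "server-dmz", "tcp", 443),
    ("server-dmz", "db-tier", "tcp", 5432),
}


def find_segment(ip):
    """Return the inventoried Segment containing ip, or None if no CIDR covers it."""
    addr = ipaddress.ip_address(ip)
    for seg in INVENTORY:
        if addr in seg.cidr:
            return seg
    return None


def classify_flow(flow):
    """Classify one flow record {src, dst, proto, dport} as (verdict, reason)."""
    src = find_segment(flow["src"])
    dst = find_segment(flow["dst"])
    if src is None or dst is None:
        return ("unknown-segment", "address outside every inventoried CIDR")
    key = (src.name, dst.name, flow["proto"], flow["dport"])
    if key in POLICY:
        return ("baseline", f"{src.name}->{dst.name} {flow['proto']}/{flow['dport']} is documented")
    if (flow["proto"], flow["dport"]) not in dst.services:
        return ("review", f"no inventoried service on {dst.name} (VLAN {dst.vlan}) "
                          f"at {flow['proto']}/{flow['dport']}")
    return ("review", f"{src.name}->{dst.name} reaches an inventoried service "
                      f"but no policy entry allows it")


def summarize(flows):
    """Count verdicts across a batch of flow records."""
    counts = {}
    for f in flows:
        verdict, _ = classify_flow(f)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample flow records, as they might be summarised from flow logs.
SAMPLE_FLOWS = [
    {"src": "10.10.1.25", "dst": "10.20.5.10", "proto": "tcp", "dport": 443},
    {"src": "10.20.5.10", "dst": "10.20.6.20", "proto": "tcp", "dport": 5432},
    {"src": "10.10.2.7", "dst": "10.20.6.20", "proto": "tcp", "dport": 5432},
    {"src": "10.10.2.7", "dst": "10.20.5.10", "proto": "tcp", "dport": 3389},
    {"src": "192.168.77.4", "dst": "10.20.5.10", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, *classify_flow(f))
    print(summarize(SAMPLE_FLOWS))
```

The two "review" verdicts are deliberately distinct: a flow to a port that no segment is documented to serve is a discovery gap (an undocumented service or a probe), while a flow that reaches a known service without a policy entry is an access-control gap; both feed the next iteration of the inventory.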

As the security team answers each of these questions for each network segment, a network traffic policy will develop. From these policies, a clear set of access controls can be defined.