This article provides additional information on how you can meet the requirement for the CAF control – B5.b Design for Resilience.
Designing Systems for Resilience
- Internal systems, management tools and support processes should be designed to remain resilient during security incidents or outages. This ensures essential services can continue even if part of the environment is disrupted.
- These arrangements should align with the organisation’s Business Continuity and Disaster Recovery Plan, maintained within Adoptech.
Segmentation of Management Systems
- Management systems (e.g. RMM, backup consoles, PSA tools, privileged admin platforms) should be separated from day-to-day business networks using VLANs, firewall rules and access controls.
- Administrative access should only be performed from trusted, secured devices such as Privileged Access Workstations (PAWs)and dedicated administrative laptops
- Typical tools that support segmentation include: Meraki, Fortinet, Auvik, Azure or Microsoft 365 built-in segmentation features.
Administrative Network Isolation
-
Internet browsing and email should not be carried out from systems used to manage client environments.
-
This reduces the attack surface and keeps administrative networks isolated from common threats.