PR.IR-01 - Protecting Against Unauthorized Network Access
PR.IR-01 protects networks and environments from unauthorized logical access by segmenting them based on trust boundaries (e.g., IT, IoT, OT) and restricting communications to essentials. This includes zero trust architectures and endpoint health checks to limit access to verified devices only. It prevents intruders from moving freely within systems.
This subcategory enhances resilience by isolating critical segments and blocking unnecessary external connections, aligning protections with risk levels. It ensures that only authorized, healthy endpoints interact with resources, reducing exposure. PR.IR-01 fortifies the logical perimeter of the organization’s infrastructure.
