NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION

SA-8(12) Hierarchical Protection

Implement the security design principle of hierarchical protection in [Assignment: organization-defined systems or system components].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The principle of hierarchical protection states that a component need not be protected from more trustworthy components. In the degenerate case of the most trusted component, it protects itself from all other components. For example, if an operating system kernel is deemed the most trustworthy component in a system, then it protects itself from all untrusted applications it supports, but the applications, conversely, do not need to protect themselves from the kernel. The trustworthiness of users is a consideration for applying the principle of hierarchical protection. A trusted system need not protect itself from an equally trustworthy user, reflecting use of untrusted systems in "system high" environments where users are highly trustworthy and where other protections are put in place to bound and protect the "system high" execution environment.

Practitioner Notes

Hierarchical protection means applying stronger protection measures to more critical components and data. Not everything needs the same level of security — protect the crown jewels the most.

Example 1: Apply security controls proportional to data sensitivity. Public data gets basic access controls. Internal data gets encryption at rest and role-based access. CUI gets encryption in transit and at rest, DLP policies, and audit logging. Classified data gets all of the above plus physical controls and clearance requirements.

Example 2: In your network architecture, place the most sensitive systems behind multiple layers of protection: a DMZ for public-facing services, a general internal zone for standard workloads, and a restricted enclave with additional firewalls and monitoring for CUI and critical systems.
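
The direction of protection in the Supplemental Guidance can be checked against the zone layout in Example 2. The following is an added example, not part of NIST 800-53 or of this page's original notes: it reviews zone-to-zone allow rules and reports only flows where a less trustworthy zone reaches a more trustworthy one without mediation. The trust ranks, the "internet" zone, the `inspected` flag and the rule that a flow may cross only one trust level at a time are assumptions made for illustration.

```python
from typing import NamedTuple

# Assumed trust ranks (higher = more trustworthy) for the zones in Example 2.
# "internet" is added here as the least trusted source.
TRUST = {"internet": 0, "dmz": 1, "internal": 2, "restricted": 3}

class Rule(NamedTuple):
    src: str          # zone that initiates the connection
    dst: str          # zone that receives it
    port: int
    inspected: bool   # hypothetical flag: flow passes a mediating control

def audit(rules):
    """Return (rule, reason) for each allow rule that leaves a more
    trustworthy zone exposed to a less trustworthy one."""
    findings = []
    for r in rules:
        if r.src not in TRUST or r.dst not in TRUST:
            findings.append((r, "unknown zone, trust cannot be ranked"))
            continue
        gap = TRUST[r.dst] - TRUST[r.src]
        if gap <= 0:
            # Source is equally or more trustworthy: the destination
            # need not be protected from it under this principle.
            continue
        if gap > 1:
            findings.append((r, "skips a protection layer"))
        elif not r.inspected:
            findings.append((r, "uninspected flow into a more trusted zone"))
    return findings

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("internet", "dmz", 443, True),
    Rule("dmz", "internal", 8443, False),
    Rule("dmz", "restricted", 1433, True),
    Rule("restricted", "internal", 514, False),
    Rule("internal", "restricted", 443, True),
    Rule("guest", "internal", 22, True),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {reason}")
```

The restricted-to-internal rule produces no finding even though it is uninspected, because the internal zone is the less trustworthy side of that flow.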