NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-32 System Partitioning

Partition the system into {{ insert: param, sc-32_odp.01 }} residing in separate {{ insert: param, sc-32_odp.02 }} domains or environments based on {{ insert: param, sc-32_odp.03 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

System partitioning is part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components. Physical separation options include physically distinct components in separate racks in the same room, critical components in separate rooms, and geographical separation of critical components. Security categorization can guide the selection of candidates for domain partitioning. Managed interfaces restrict or prohibit network access and information flow among partitioned system components.

Practitioner Notes

Partition your system into distinct components so that a failure or compromise in one partition does not affect others. Each partition has its own security boundary.

Example 1: Separate your CUI-processing environment from your general office network. CUI systems sit on their own VLAN with dedicated servers, separate Active Directory OU policies, and independent backup systems. A compromise of the general network does not give access to CUI systems.

Example 2: In cloud deployments, use separate Azure subscriptions or AWS accounts for production, development, and security operations. Each subscription or account has its own identity boundary, network, and access controls. A compromised development account cannot reach production resources.
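One way to turn the managed-interface rule from the Supplemental Guidance into a check over flow records, as an added example that is not part of the NIST text or this page: each address range is assigned to a partition, the only permitted cross-partition paths are listed as managed interfaces, and any flow that crosses a partition boundary some other way is reported. The partition CIDRs, the managed-interface table and the flow-record format ("src dst dport via") are all constructed for this example.

```python
import ipaddress

# Constructed partition map for this example: every address range is assigned
# to exactly one partition (SC-32 domain); anything else is "unassigned".
PARTITIONS = {
    "10.10.0.0/24": "general-office",
    "10.20.0.0/24": "cui",
    "10.30.0.0/24": "secops",
}

# Constructed managed-interface table: the only permitted cross-partition
# paths, keyed by (source partition, destination partition) and giving the
# gateway the flow must traverse plus the destination ports it may use.
MANAGED_INTERFACES = {
    ("secops", "cui"): ("10.20.0.1", {22, 443}),
    ("secops", "general-office"): ("10.10.0.1", {22, 443}),
}

# Constructed flow records in the format "src dst dport via" ("-" = direct).
SAMPLE_FLOWS = [
    "10.10.0.5 10.10.0.9 445 -",            # office -> office: intra-partition
    "10.30.0.7 10.20.0.15 443 10.20.0.1",   # secops -> cui via managed gateway
    "10.10.0.5 10.20.0.15 445 -",           # office -> cui: no interface exists
    "10.30.0.7 10.20.0.15 3389 10.20.0.1",  # secops -> cui: port not permitted
    "10.20.0.15 10.10.0.5 443 10.10.0.1",   # cui -> office: wrong direction
]

def partition_of(ip: str) -> str:
    """Map an address to its partition name, or 'unassigned' if outside all ranges."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in PARTITIONS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unassigned"

def find_violations(lines):
    """Return (src_partition, dst_partition, record) for each flow that crosses a boundary outside its managed interface."""
    violations = []
    for line in lines:
        src, dst, dport, via = line.split()
        sp, dp = partition_of(src), partition_of(dst)
        if sp == dp:
            continue  # traffic inside one partition is not SC-32's concern
        iface = MANAGED_INTERFACES.get((sp, dp))
        # A cross-partition flow is acceptable only if an interface exists for
        # this direction, the flow went through its gateway, and the port is allowed.
        if iface is None or via != iface[0] or int(dport) not in iface[1]:
            violations.append((sp, dp, line))
    return violations
```

Direction matters: a secops-to-CUI interface does not make CUI-to-office traffic acceptable, which is why the last sample record is flagged.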