NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-7(20) — Dynamic Isolation and Segregation
Provide the capability to dynamically isolate [Assignment: organization-defined system components] from other system components.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
The capability to dynamically isolate certain internal system components is useful when it is necessary to partition or separate system components of questionable origin from components that possess greater trustworthiness. Component isolation reduces the attack surface of organizational systems. Isolating selected system components can also limit the damage from successful attacks when such attacks occur.
Practitioner Notes
Dynamic isolation means the system can quarantine a component (a host, a service, or a network segment) on demand and in real time, without an administrator re-cabling or re-architecting the network. The assignment parameter names which components the capability must cover. The trigger may be an automated detection or an analyst's decision, but the isolation itself has to take effect without a manual reconfiguration cycle. Because the capability is, by design, a way to knock things off the network, it also needs guardrails: a narrow trigger, a list of components that are never auto-isolated, and a tested path to release the component afterwards.
Example 1: Configure Microsoft Defender for Endpoint to isolate compromised devices from the network. Isolation can be started manually from the portal, by automated investigation and response when the device group's automation level permits remediation, or through the API. An isolated device drops all network connections except the channel back to the Defender for Endpoint service, so the attacker loses access while the SOC keeps telemetry and can release the device once cleanup is done. Decide in advance between full isolation and selective isolation (which keeps Outlook and Teams working for the user), and exercise the release path as part of the test, not only the isolation path.
Example 2: Use Cisco ISE or Aruba ClearPass to move compromised devices into a quarantine VLAN, or apply a restrictive downloadable ACL, based on alerts from your IDS/IPS. Neither product consumes Suricata alerts natively; the usual path is Suricata, then a SIEM/SOAR or a small script, then the NAC's API (ISE Adaptive Network Control, or the ClearPass API), which pushes a RADIUS Change of Authorization to the switch or wireless controller so the endpoint's session is re-authorized into the quarantine policy. Keep the trigger narrow (high-confidence command-and-control signatures, not every alert), keep a never-isolate list for infrastructure such as domain controllers and DNS, and de-duplicate and rate-limit the action so a spoofed or noisy alert cannot be turned into a self-inflicted outage.
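The glue in the middle of Example 2, as an added example that is not code from Suricata, Cisco, or this page. It reads Suricata EVE JSON alert lines, decides which internal endpoints deserve isolation (top severity, command-and-control category, not on the never-isolate list, one action per endpoint), and builds the ISE ANC "apply policy to endpoint" request. The sample alerts, the IP-to-MAC table, the category list and the QUARANTINE policy name are all constructed for the example, and the ANC request format is an assumption to verify against your ISE version's ERS documentation before anything is sent.

```python
"""Suricata EVE alerts -> quarantine decision -> ISE ANC request body.

Added example; not vendor code. Assumes EVE JSON alert records, an existing
ISE ANC policy named QUARANTINE, and an IP-to-MAC lookup (constructed here;
in production use the NAC session directory or DHCP leases).
"""
import ipaddress
import json
from typing import Dict, Iterable, Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed site range

# Suricata rule categories that justify automatic isolation (constructed list).
ISOLATE_CATEGORIES = {
    "Malware Command and Control Activity Detected",
    "A Network Trojan was detected",
}

# Never auto-isolate these: losing them is worse than the alert (constructed).
NEVER_ISOLATE = {"10.0.0.10", "10.0.0.11"}  # domain controllers / DNS

# Constructed IP-to-MAC table standing in for the NAC session directory.
IP_TO_MAC = {
    "10.0.5.23": "00:11:22:33:44:55",
    "10.0.5.24": "00:11:22:33:44:66",
    "10.0.0.10": "00:11:22:33:44:77",
}


def parse_eve(lines: Iterable[str]):
    """Yield well-formed alert records only; a truncated line must not stop the pipeline."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            yield rec


def should_isolate(rec: dict) -> bool:
    """Only top-severity alerts in a C2/trojan category may trigger isolation."""
    alert = rec.get("alert", {})
    return alert.get("severity") == 1 and alert.get("category") in ISOLATE_CATEGORIES


def internal_host(rec: dict) -> Optional[str]:
    """Pick the internal side of the flow: beacons are outbound, C2 replies inbound."""
    for key in ("src_ip", "dest_ip"):
        ip = rec.get(key)
        try:
            if ip and ipaddress.ip_address(ip) in INTERNAL_NET:
                return ip
        except ValueError:
            continue
    return None


def hosts_to_quarantine(lines: Iterable[str]) -> Dict[str, dict]:
    """Map MAC -> first triggering alert: one action per endpoint, allowlist honored."""
    decided: Dict[str, dict] = {}
    for rec in parse_eve(lines):
        if not should_isolate(rec):
            continue
        host = internal_host(rec)
        if host is None or host in NEVER_ISOLATE:
            continue
        mac = IP_TO_MAC.get(host)
        if mac is None:
            continue  # unknown endpoint: hand to an analyst rather than guess
        decided.setdefault(mac, {
            "ip": host,
            "sid": rec["alert"].get("signature_id"),
            "signature": rec["alert"].get("signature"),
        })
    return decided


def anc_apply_request(mac: str, policy: str = "QUARANTINE") -> dict:
    """Build the ISE ERS ANC endpoint-apply call (request format assumed, verify it)."""
    return {
        "method": "PUT",
        "path": "/ers/config/ancendpoint/apply",
        "body": {"OperationAdditionalData": {"additionalData": [
            {"name": "macAddress", "value": mac},
            {"name": "policyName", "value": policy},
        ]}},
    }


# Constructed EVE lines (illustrative sids/names): two C2 hits, a repeat, a
# low-severity policy alert, a hit on an allowlisted DC, and a truncated line.
SAMPLE_EVE = """
{"event_type":"alert","src_ip":"10.0.5.23","dest_ip":"203.0.113.5","alert":{"signature_id":9000001,"signature":"EXAMPLE MALWARE Beacon C2 Checkin","category":"Malware Command and Control Activity Detected","severity":1}}
{"event_type":"alert","src_ip":"10.0.5.23","dest_ip":"203.0.113.5","alert":{"signature_id":9000001,"signature":"EXAMPLE MALWARE Beacon C2 Checkin","category":"Malware Command and Control Activity Detected","severity":1}}
{"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"10.0.5.24","alert":{"signature_id":9000002,"signature":"EXAMPLE MALWARE C2 Response","category":"A Network Trojan was detected","severity":1}}
{"event_type":"alert","src_ip":"10.0.5.24","dest_ip":"203.0.113.7","alert":{"signature_id":9000003,"signature":"EXAMPLE POLICY curl User-Agent","category":"Attempted Information Leak","severity":2}}
{"event_type":"alert","src_ip":"10.0.0.10","dest_ip":"203.0.113.5","alert":{"signature_id":9000001,"signature":"EXAMPLE MALWARE Beacon C2 Checkin","category":"Malware Command and Control Activity Detected","severity":1}}
{"event_type":"alert","src_ip":"10.0.5.2
"""

if __name__ == "__main__":
    for mac, why in hosts_to_quarantine(SAMPLE_EVE.splitlines()).items():
        print(mac, why["ip"], why["signature"])
        print(json.dumps(anc_apply_request(mac)))
```

Run against the constructed lines, only two endpoints come back (10.0.5.23 once despite the repeated alert, and 10.0.5.24 from the inbound reply); the domain controller is skipped by the never-isolate list and the severity-2 policy alert never qualifies. The same decision logic works unchanged in front of ClearPass or a Defender isolate call; only anc_apply_request changes.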