T5.4.6 - NETWORK ROUTING CONTROL Implementation Guidance
The entity shall implement network routing controls to ensure that computer connections and information flows do not breach the access control policy of the business applications.
Routing controls should be based on positive source and destination address checking mechanisms.
Managed interfaces include, for example, gateways, routers, firewalls, guards, network-based malicious code analysis and virtualization systems, or encrypted tunnels implemented within a security architecture (e.g., routers protecting firewalls or application gateways residing on protected sub-networks). Sub-networks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. Restricting or prohibiting interfaces within organizational information systems includes, for example, restricting external web traffic to designated web servers within managed interfaces and prohibiting external traffic that appears to be spoofing internal addresses.
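The following sketch is an added example, not part of the control text. It shows positive source and destination address checking at a managed interface, including denial of external traffic that presents an internal source address. The address ranges, interface names, rule set and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the control text).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ_WEB = ipaddress.ip_network("192.0.2.0/28")  # designated web servers
ANY = ipaddress.ip_network("0.0.0.0/0")

# Positive rules: (ingress interface, source net, destination net, dest port).
# A flow that matches no rule is denied.
ALLOW = [
    ("external", ANY, DMZ_WEB, 443),
    ("internal", INTERNAL, DMZ_WEB, 443),
]

def check_flow(iface, src, dst, dport):
    """Return (decision, reason) for one flow seen at a managed interface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # External traffic that claims an internal source address is spoofed.
    if iface == "external" and s in INTERNAL:
        return ("deny", "spoofed-internal-source")
    for r_iface, r_src, r_dst, r_port in ALLOW:
        if iface == r_iface and s in r_src and d in r_dst and dport == r_port:
            return ("allow", "matched-positive-rule")
    return ("deny", "no-positive-match")

# Constructed sample flows: (interface, source, destination, dest port).
SAMPLE_FLOWS = [
    ("external", "198.51.100.7", "192.0.2.5", 443),  # web traffic to DMZ
    ("external", "10.1.2.3", "192.0.2.5", 443),      # internal source from outside
    ("external", "198.51.100.7", "10.0.0.9", 22),    # external straight to internal
    ("internal", "10.4.4.4", "192.0.2.5", 443),      # internal client to DMZ
    ("internal", "203.0.113.9", "192.0.2.5", 443),   # wrong source on internal side
]

def audit(flows):
    """Evaluate every flow and return the list of (decision, reason)."""
    return [check_flow(*f) for f in flows]

if __name__ == "__main__":
    for flow, result in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print(flow, "->", result)
```

The last sample flow is denied without a dedicated rule: because the internal-side rule names its permitted source range, a source outside that range simply finds no positive match.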