Chandramouli, R.
(2022),
Guide to a Secure Enterprise Network Landscape, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-215, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935714
(Accessed April 25, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide to a Secure Enterprise Network Landscape
Published
Author(s)
Abstract
Access to multiple cloud services, the geographic spread of enterprise Information Technology (IT) resources (including multiple data centers), and the emergence of microservices-based applications (as opposed to monolithic ones) have significantly altered the enterprise network landscape. This document is meant to provide guidance to this new enterprise network landscape from a secure operations perspective. Hence, it starts by examining the security limitations of current network access solutions to the enterprise network. It then considers security feature enhancements to traditional network appliances in the form of point security solutions, network configurations for various security functions (e.g., application/services security, cloud services access security, device or endpoint security), security frameworks that integrate these individual network configurations (e.g., zero trust network access [ZTNA]), and the evolving wide area network (WAN) infrastructure to provide a comprehensive set of security services for the modern enterprise network landscape (e.g., secure access service edge [SASE]).Citation
Special Publication (NIST SP) - 800-215
Report Number
800-215
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
cloud access security broker (CASB), firewall, microsegmentation, secure access service edge (SASE), secure web gateway (SWG), security orchestration, automation, and response (SOAR), software-defined perimeter (SDP), software-defined wide area network (SD-WAN), virtual private network (VPN), zero trust network access (ZTNA)
Citation
Created November 17, 2022, Updated November 29, 2022