Architecture Frameworks and Secure Network Architectures
Industry-Standard Frameworks and Reference Architectures
Regulatory
NERC CIP – https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
Non-regulatory
NIST CSF – https://www.nist.gov/cyberframework
-
-
-
-
- Framework Core
- Implementation Tiers
- Framework Profiles
-
-
-
National vs International
FedRAMP – https://www.fedramp.gov/
US-EU Safe Harbor Framework (old) – https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework
EU-US Privacy Shield Framework (new) – https://www.privacyshield.gov/EU-US-Framework
GDPR – https://gdpr-info.eu/
Industry-specific
HITRUST CSF – https://hitrustalliance.net/hitrust-csf/
Benchmarks / Secure Configuration Guides
CIS
NVD
STIGs
Platform / Vendor-Specific Guides
General Purpose Guides
CIS Controls
Defense in Depth / Layered Security
Vendor diversity
Control diversity
Administrative
Technical
Physical
User Training
Zones and Topologies
DMZ
Extranet
Intranet
Wifi
Guest
Honeynets
NAT
-
-
-
- Static
- Dynamic
- PAT
-
-
Ad Hoc
Segregation / Segmentation / Isolation
RSTP
Flat / depthless networks
Enclaves
The Zero-Trust Security Model:
https://en.wikipedia.org/wiki/Zero_trust_security_model
Physical
Logical (VLANs)
Trunking
Virtualization
Air Gaps
Tunneling / VPN
Site-to-Site
Remote Access
Security Device Placement
Sensors
Collectors
Correlation Engines
Filters
Proxies
Firewalls
VPN Concentrators
SSL Accelerators
Load Balancers
DDoS Mitigators
Aggregation Switches
Taps and Port Mirrors