A.8.22 Segregation of Networks would include:
- Network Architecture Diagrams: Detailed diagrams illustrating the network topology, including the physical and logical segregation of different networks within the organization.
- Network Segmentation: Documentation of how networks are segmented to isolate critical assets and sensitive data from general network traffic.
- Access Controls: Evidence of access controls and network segmentation measures to restrict unauthorized access between different network segments.
- Network Access Policies: Documentation of policies governing network access, including the rules for communication between different segments and the restrictions on inter-segment traffic.
- VLAN (Virtual Local Area Network) Configuration: Configuration details of VLANs used to segregate network traffic and create separate broadcast domains.
- Firewall Rules: Logs and configurations of firewall rules that control traffic flow between network segments and protect critical assets.
- Network Gateway Controls: Documentation of gateway controls and routing configurations used to manage traffic between different networks.
- Network Monitoring: Evidence of network monitoring practices, including traffic analysis and anomaly detection, to identify unauthorized attempts to access different network segments.
- Network Security Audits: Reports from network security audits and assessments conducted to evaluate the effectiveness of network segregation controls.
- Incident Response Records: Records of any incidents related to unauthorized access or attempted breaches of network segregation.
- Network Access Logs: Logs of network access, including details of authorized users accessing specific network segments.
- Change Management for Network Segregation: Documentation of change management processes related to network segmentation, ensuring that any changes are properly authorized and tested.
By examining these pieces of evidence, an auditor can assess the organization's compliance with network segregation principles and the effectiveness of the controls in place to protect critical assets and data. The goal is to verify that network segments are appropriately isolated and that traffic between segments is restricted to what the documented policy approves, so that the risk of unauthorized access and data breaches is minimized.
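As an added example, not part of the original page or of the ISO 27001 text, here is a small Python check an auditor could run over exported firewall rules when reviewing the firewall and policy evidence listed above: it maps each rule's CIDRs onto named segments, flags any allow rule that permits an inter-segment flow the documented policy does not approve, and confirms the rule set ends with an explicit deny-all. The segment names, the approved-flow matrix and the rule set are constructed for illustration.

```python
"""Audit inter-segment firewall rules against a documented segmentation policy.

All segments, approved flows and rules below are constructed examples for a
hypothetical organization, not real configuration.
"""
from ipaddress import ip_network

# Hypothetical segments, each a VLAN/subnet named in the segmentation documentation.
SEGMENTS = {
    "corp_users": ip_network("10.10.0.0/16"),
    "servers": ip_network("10.20.0.0/16"),
    "payment": ip_network("10.30.0.0/24"),       # critical asset segment
    "guest_wifi": ip_network("192.168.100.0/24"),
}

# Approved inter-segment flows from the network access policy: (source, destination, dst port).
ALLOWED_FLOWS = {
    ("corp_users", "servers", 443),
    ("servers", "payment", 5432),
}

# Constructed firewall export: (action, src_cidr, dst_cidr, dst_port or None for any port).
RULES = [
    ("allow", "10.10.0.0/16", "10.20.0.0/16", 443),
    ("allow", "10.20.0.0/16", "10.30.0.0/24", 5432),
    ("allow", "10.10.0.0/16", "10.30.0.0/24", None),   # users -> payment on any port: not approved
    ("allow", "192.168.100.0/24", "0.0.0.0/0", None),  # guest -> everywhere: not approved
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),          # explicit default deny
]

def segments_for(cidr):
    """Names of every segment the CIDR overlaps (a 0.0.0.0/0 rule touches all of them)."""
    net = ip_network(cidr)
    return [name for name, seg in SEGMENTS.items() if net.overlaps(seg)]

def audit_rules(rules, allowed=ALLOWED_FLOWS):
    """Return (src_segment, dst_segment, port) for every allow rule that permits
    an inter-segment flow not present in the approved-flow matrix."""
    findings = set()
    for action, src, dst, port in rules:
        if action != "allow":
            continue
        for s in segments_for(src):
            for d in segments_for(dst):
                if s == d:
                    continue  # intra-segment traffic is outside the segregation check
                if port is None or (s, d, port) not in allowed:
                    findings.add((s, d, port))
    return sorted(findings, key=str)

def has_default_deny(rules):
    """True if the last rule is an explicit deny of all sources, destinations and ports."""
    if not rules:
        return False
    action, src, dst, port = rules[-1]
    return (action == "deny" and ip_network(src).prefixlen == 0
            and ip_network(dst).prefixlen == 0 and port is None)
```

Run against the constructed rule set, the check reports the users-to-payment rule and the three segments the guest allow-all rule reaches; a clean export returns no findings and a default-deny tail.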