NIST CSF 2.0 · All Functions · PR Protect · PR.IR Technology Infrastructure Resilience

PR.IR-01

Networks and environments are protected from unauthorized logical access and usage

Implementation examples

Ex1: Logically segment organization networks and cloud-based platforms according to trust boundaries and platform types (e.g., IT, IoT, OT, mobile, guests), and permit required communications only between segments
Ex2: Logically segment organization networks from external networks, and permit only necessary communications to enter the organization's networks from the external networks
Ex3: Implement zero trust architectures to restrict network access to each resource to the minimum necessary
Ex4: Check the cyber health of endpoints before allowing them to access and use production resources

Mapped NIST 800-53 r5 controls (5)

Mapped CWE weaknesses (4)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1220←M →P CWE-200→P CWE-284←P →P CWE-285←P →P

All informative references (77)

AI-SOC: AI-SOC-07
AI-SOC: AI-SOC-24
CCMv4.0: AIS-04
CCMv4.0: AIS-06
CCMv4.0: DCS-12
CCMv4.0: DSP-10
CCMv4.0: DSP-15
CCMv4.0: IVS-03
CCMv4.0: IVS-05
CCMv4.0: IVS-06
CCMv4.0: IVS-09
CCMv4.0: UEM-05
CCMv4.0: UEM-14
CIS Controls v8.0: 3.12
CIS Controls v8.0: 12.2
CIS Controls v8.1: 3.12
CIS Controls v8.1: 12.2
CRI Profile v2.0: PR.IR-01
CRI Profile v2.0: PR.IR-01.01
CRI Profile v2.0: PR.IR-01.02
CRI Profile v2.0: PR.IR-01.03
CRI Profile v2.0: PR.IR-01.04
CRI Profile v2.0: PR.IR-01.05
CRI Profile v2.0: PR.IR-01.06
CRI Profile v2.0: PR.IR-01.07
CRI Profile v2.0: PR.IR-01.08
CSF v1.1: PR.AC-3
CSF v1.1: PR.AC-5
CSF v1.1: PR.DS-7
CSF v1.1: PR.PT-4
Guardian-SDK: GS-PF-01
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 8.20
ISO/IEC 27001:2022: Annex A Controls: 8.21
ISO/IEC 27001:2022: Annex A Controls: 8.22
NICE Framework: DD-WRL-001
NICE Framework: DD-WRL-002
NICE Framework: DD-WRL-004
NICE Framework: DD-WRL-006
NICE Framework: DD-WRL-009
NICE Framework: IO-WRL-004
NICE Framework: OG-WRL-001
NICE Framework: OG-WRL-014
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM06-2025
OWASP Top 10 LLM Applications: LLM10-2025
PCI DSS: 1.2.3
PCI DSS: 1.2.4
PCI DSS: 10.2.1
PCI DSS: 5.2.1
PCI DSS: 5.2.2
PCI DSS: 5.2.3
PCI DSS: 5.2.3.1
PCI DSS: 11.2.1
SCF: NET-01
SCF: SEA-01
SCF: SEA-02
SDOS: SDOS-AD-01
SDOS: SDOS-EN-02
SP 800-171 Rev 3: 03.01.02
SP 800-171 Rev 3: 03.01.03
SP 800-171 Rev 3: 03.13.01
SP 800-171 Rev 3: 03.13.04
SP 800-171 Rev 3: 03.13.06
SP 800-53 Rev 5.1.1: AC-03
SP 800-53 Rev 5.1.1: AC-04
SP 800-53 Rev 5.1.1: SC-04
SP 800-53 Rev 5.1.1: SC-05
SP 800-53 Rev 5.1.1: SC-07
SP 800-53 Rev 5.2.0: AC-03
SP 800-53 Rev 5.2.0: AC-04
SP 800-53 Rev 5.2.0: SC-04
SP 800-53 Rev 5.2.0: SC-05
SP 800-53 Rev 5.2.0: SC-07
SP 800-81r3: 4.2.2
SP 800-81r3: 4.3
SSDF: PO.5.1

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).