Content library
CIS 18 controls
12.4: Establish and Maintain Architecture Diagram(s)

Requirement description

Establish and maintain architecture diagram(s) and/or other network system documentation. Review
and update documentation annually, or when significant enterprise changes occur that could impact
this Safeguard.

How to fill the requirement

CIS 18 controls

12.4: Establish and Maintain Architecture Diagram(s)

Task name
Priority
Status
Theme
Policy
Other requirements
Establishing and maintaining diagram(s) of architecture
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
1
requirements

Examples of other requirements this task affects

12.4: Establish and Maintain Architecture Diagram(s)
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining diagram(s) of architecture
1. Task description

To establish and maintain architecture diagrams and network system documentation, the organization undertakes tasks such as maintaining a comprehensive listing of data systems.

The organization assigns owners who are responsible for completing associated documentation and security measures, ensuring it is regularly reviewed and updated.

Documentation of interfaces and connections between data systems is meticulously maintained and reviewed to integrate any changes.

Network areas and structurally secure network design
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
21
requirements

Examples of other requirements this task affects

13.1.3: Segregation in networks
ISO 27001
PR.AC-5: Network integrity
NIST
8.22: Segregation of networks
ISO 27001
ARCHITECTURE-2: Implement Network Protections as an Element of the Cybersecurity Architecture
C2M2
CC6.6: Logical access security measures against threats from sources outside system boundries
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Network areas and structurally secure network design
1. Task description

An owner is defined for an organization's networks. The owner is responsible for planning the structure of the network and documenting it.

Separate network areas are used in network design as needed. Domain areas can be defined by e.g.:

  • trust level (eg public, workstations, server)
  • organizational units (eg HR, financial management)
  • or by some combination (for example, a server domain that is connected to multiple organizational units)

Separation can be implemented either with physically separate networks or with logically separate networks.

Structural security of the network
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
6
requirements

Examples of other requirements this task affects

TEK-01: Verkon rakenteellinen turvallisuus
Julkri
ARCHITECTURE-2: Implement Network Protections as an Element of the Cybersecurity Architecture
C2M2
PR.AC-5: Network integrity (network segregation, network segmentation… ) is protected.
CyberFundamentals
2.2.3: Segment the organisation’s network in accordance with its risk profile
NSM ICT-SP
2.3.10: Reduce the risk posed by IoT devices
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Structural security of the network
1. Task description

The data processing environment is separated from public data networks and other environments with a lower security level in a sufficiently safe manner.

Separation of data systems is one of the most effective factors in protecting confidential information. The goal of separation is to delimit the processing environment of confidential information into a manageable entity, and in particular to be able to limit the processing of confidential information to sufficiently secure environments only. Separation of environments can be implemented, for example, with the help of a firewall solution.

Configuration management and change log
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
12
requirements

Examples of other requirements this task affects

8.9: Configuration management
ISO 27001
CC7.1: Procedures for monitoring changes to configurations
SOC 2
1.2.4: Definition of responsibilities with service providers
TISAX
PR.IP-3: Configuration change control processes are in place.
CyberFundamentals
DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Configuration management and change log
1. Task description

Current configurations of devices, data systems and networks are documented and a log is maintained of configuration changes.

Changes to configurations must be controlled and go through the change management procedure. Only authorized personnel are allowed to make changes to the configurations.

Configuration information may include e.g.:

  • property owner and contact point information
  • date of last configuration change
  • configuration model version
  • connections to other assets

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.