This section addresses secure design and architecture of the organization’s network from both management and operational perspectives Implementation Assessment Cisco – CLI Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.4 This is guidance for Cisco on how to control network access by using ASA rules on how to configure your firewalls. Colorado Department of Education – Network Firewall Implementation Policy This sample document serves as an example network firewall implementation policy to help protect internal networks and manage traffic in and out of the network. Hysolate – Endpoint and network segmentation best practices This article speaks to the deficiencies in current network segmentation for the endpoint and network segmentation best practices. Information Security Program – Network Security Best Practices and Checklist This article discusses best practices for network security such as network basics, network segmentation, and a network security checklist. LiveAction – Five Steps for Effective Monitoring of Network Traffic This article describes how monitoring network traffic is essential to ensure your network is running optimally. Microsoft TechNet – Firewalls This article covers the design, deployment, and use of both network and host-based firewalls. Microsoft TechNet – Perimeter Firewall Design This module helps you to select a suitable firewall product for your organization's perimeter network. Nano Dimension – Best Practices for Network Segmentation Best Practices for network segmentation for defense companies. NIST SP 800-41 Guidelines on Firewalls and Firewall Policy This NIST Special Publication provides information to organizations about firewall technologies and policies. NIST SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) This NIST Special Publication describes the characteristics of IDPS technologies, with recommendations for configuring and managing such devices. opsview – How To Monitor Network Traffic This blog post describes the ways network monitoring can enhance information security. Palo Alto Networks – What is Network Segmentation? Defines network segmentation and the difference between logical and physical network segmentation and the use cases for it. SANS Institute – Firewall Checklist This SANS checklist provides a generic listing of security considerations to be used when auditing the technical aspects of a firewall. SANS Whitepaper – Achieving Defense-in-Depth with Internal Firewalls This whitepaper from SANS discusses firewall and perimeter protections focusing on defense-in-depth. SANS Whitepaper – Proxies and Packet Filters in Plain English This SANS whitepaper describes firewall and perimeter protections. SANS Whitepaper – Web Application Firewalls This SANS whitepaper discusses the need for web application firewalls. Scalyr – Network Traffic Monitoring: The 7 Best Tools Available to You This blog post describes the details of several network traffic monitoring tools. Security Intelligence – How to Leverage Log Services to Analyze C&C Traffic This article discusses how to utilize log services to detect attacks and indicators of attacks. Texas Wesleyan University – Sample Firewall Policy This sample policy defines the essential rules regarding the management and maintenance of firewalls at Texas Wesleyan. Threat Stack Blog – How to Monitor Outbound and Inbound Connections to Maintain Cloud Security This article describes the maintenance of cloud security through monitoring inbound and outbound connections TrendMicro – Firewall Rule Actions and Priorities Trend Micro’s Deep Security Help Center US-CERT – Securing Network Infrastructure Devices Security Threats to network devices and what ways to protect them. NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1. NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.