NIST SP 800-171
Control 3.13.2
Employ Architectural Designs and Techniques for Security
CMMC-RP Certified Team
24+ Years Experience
2,500+ Clients Served
Official Requirement
Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems.
What This Means in Plain English
Your systems should be designed with security built in from the ground up, not bolted on after the fact. This includes network segmentation, defense in depth, and secure development practices.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Defense-in-depth architecture with multiple layers of security controls
- Network segmentation using FortiGate and Cisco Meraki VLANs separating CUI from general traffic
- DMZ architecture for externally facing services
- Secure development practices for any custom applications or scripts
- ComplianceArmor documenting the security architecture with diagrams and rationale
Assessment Guidance
Assessors will review the network architecture and security design, verify that defense-in-depth principles are applied, check that network segmentation isolates CUI environments, and confirm that architectural decisions consider security implications.
Common Implementation Gaps
- Flat network architecture with no segmentation
- No defense-in-depth -- single point of failure for security
- CUI systems on the same network segment as general-purpose systems
- No DMZ for externally facing services
- Security architecture not documented
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SA-8, SC-7(5) |
| PCI DSS | Req 1.2 - Restrict connections between untrusted networks and any system components |
Need Help Implementing 3.13.2?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment