ISO 27001 Control 8.20: Networks Security
Network security is your first line of defense against threats that exploit connectivity vulnerabilities. ISO 27001 control 8.20 requires organizations to implement comprehensive protections for network infrastructure, devices, and connections that process sensitive information. Meeting this control demonstrates your commitment to preventing unauthorized access through network attack vectors.
What this means
Control 8.20 mandates that all networks and network devices supporting your information systems must be actively secured, managed, and monitored. This includes firewalls, routers, switches, wireless access points, and network segmentation. The control focuses on preventing attackers from exploiting network connectivity to compromise systems, applications, or data. You must establish technical and administrative controls that govern how network traffic flows, who can access network resources, and how devices are configured and maintained throughout their lifecycle.
How to comply
- 1.Inventory all network devices including firewalls, routers, switches, load balancers, and wireless access points
- 2.Implement network segmentation to isolate critical systems and sensitive data from general network traffic
- 3.Deploy and configure firewalls with explicit allow/deny rules aligned to business requirements
- 4.Enable logging and monitoring on network devices to detect suspicious activity and policy violations
- 5.Establish change management procedures for all network device configurations
- 6.Apply security patches and firmware updates to network devices on a defined schedule
- 7.Configure network access controls (NAC) to restrict devices connecting to the network
- 8.Implement intrusion detection/prevention systems (IDS/IPS) for real-time threat detection
- 9.Document network architecture and maintain current network diagrams
- 10.Conduct regular vulnerability assessments and penetration testing of network infrastructure
- 11.Establish procedures for secure remote access with multi-factor authentication
- 12.Monitor and log all network device administrative access and configuration changes
Evidence auditors look for
- Network architecture diagrams showing segmentation and device topology
- Firewall rules documentation and change logs
- Network device inventory spreadsheet with model, OS version, and location
- Patch management records showing firmware/OS updates applied to network devices
- IDS/IPS alert logs and incident response documentation
- Network access control policies and approved device lists
- Vulnerability assessment reports for network infrastructure
- Log files from network devices spanning 90+ days
- Change management tickets for network configuration modifications
- Penetration test reports validating network security controls
- VPN/remote access configuration documentation and user activity logs
- Network monitoring dashboard screenshots showing real-time device status
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automates network device inventory tracking, centralizes firewall and configuration change logging, and flags patch management gaps—eliminating manual audits and spreadsheet chaos for ISO 27001 8.20 evidence collection.
See how GRCWatch handles this control automatically
Start free trial