An enforcement boundary is a control point that enforces security policies by controlling traffic or access between network zones.
A router with Access Control Lists (ACLs) (C) acts as an enforcement point by filtering traffic between networks or subnets, establishing security boundaries.
Applications with login screens (A) and antivirus on workstations (B) provide endpoint security but do not enforce network boundaries.
Switches with VLANs (D) support segmentation but do not typically enforce traffic filtering or security policies.
GICSP highlights routers and firewalls as primary enforcement boundary devices in ICS network architectures.
[Reference:, , GICSP Official Study Guide, Domain: ICS Security Architecture & Design, , NIST SP 800-82 Rev 2, Section 5.5 (Network Security Architecture), , GICSP Training on Network Segmentation and Enforcement Boundaries]
Submit