The diagram shows two networks (Business Network and Control Server Network) connected by a switch, suggesting a single organization’s infrastructure with logical segmentation.
Best practices per GICSP for ICS and enterprise network integration recommend a single Active Directory domain with groups and organizational units to separate roles and permissions. This approach simplifies management, maintains centralized authentication, and supports role-based access control.
Creating multiple domains (B or C) introduces unnecessary complexity and potential trust relationship issues. A transitive trust (D) is relevant when multiple domains exist, which is not required here.
The GICSP framework supports minimizing complexity in domain design to reduce attack surfaces while maintaining proper segmentation through groups and policies.
Reference: GICSP Official Study Guide, Domain: ICS Security Governance & Compliance; Microsoft Active Directory Best Practices (Referenced in GICSP); GICSP Training on Identity and Access Management