Engineering/Engineering Principles/7 Security And Availability/Secure Infrastructure/Zero Trust And Secure Networking/
Zero Trust and Secure Networking Standards · SEC-02
Web applications should utilise a Web Application Firewall (WAF) to protect systems from common attacks · SEC-02.2 · SHOULD · DEV
This should always be presented as an option to clients, with benefits and costs clearly explained.
Cloud-hosted applications should be deployed within an isolated virtual network · SEC-02.3 · SHOULD · DEV
This approach introduces additional cost and complexity, so should be presented as an option to clients for them to understand the pros and cons.