Network Segmentation Review
A structured, repeatable process for evaluating network segmentation architecture against NIST SP 800-207 (Zero Trust Architecture) and CIS Controls v8 Control 12 (Network Infrastructure Management). This skill produces a segmentation maturity assessment with zone mapping, trust boundary analysis, east-west traffic control evaluation, and prioritized remediation guidance.
When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
- Architecture reviews for new or modified network designs.
- Zero Trust readiness assessments.
- PCI DSS scoping exercises requiring CDE segmentation validation (PCI DSS v4.0 Requirement 1.3).
- Post-incident reviews where lateral movement was observed or suspected.
- Cloud migration planning requiring workload isolation design.
- Merger/acquisition network integration planning.