Network Segmentation (federal context)
The practice of dividing a federal information system into discrete network zones so that compromise of one zone does not yield access to others. Under the federal zero trust strategy, segmentation evolves from the legacy "trusted internal network" model to micro-segmentation: every workload is its own enforcement boundary, and every request between workloads is authenticated and authorized at the application layer. The CISA Zero Trust Maturity Model treats segmentation as the Networks pillar; the Optimal stage requires fully distributed ingress and egress controls and automated, dynamic enforcement based on application identity, not IP address.
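The contrast between zone-based and identity-based enforcement, as an added example (not taken from CISA or any federal guidance): the same requests are evaluated by a legacy subnet rule and by a default-deny policy keyed on workload identity. The service names, subnets and SPIFFE-style identities are constructed, and the peer identity is assumed to have been verified upstream from an mTLS certificate.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Request:
    source_ip: str                # network location; changes when a workload moves
    peer_identity: Optional[str]  # assumed already verified from the peer's mTLS cert
    destination: str
    action: str

# Legacy zone rule (constructed): any host in the "app" subnet may reach the database.
LEGACY_ALLOWED_NETS = {"payments-db": [ip_network("10.20.0.0/24")]}

# Micro-segmentation rule (constructed): (caller identity, destination) -> actions.
SA = "spiffe://agency.example/ns/pay/sa/"
IDENTITY_POLICY = {
    (SA + "payments-api", "payments-db"): {"read", "write"},
    (SA + "reporting", "payments-db"): {"read"},
}

def legacy_allow(req: Request) -> bool:
    """Allow purely on source address: the 'trusted internal network' model."""
    nets = LEGACY_ALLOWED_NETS.get(req.destination, [])
    return any(ip_address(req.source_ip) in net for net in nets)

def identity_allow(req: Request) -> bool:
    """Default deny; allow only a known identity performing a listed action."""
    if req.peer_identity is None:
        return False  # unauthenticated peers are never authorized
    allowed = IDENTITY_POLICY.get((req.peer_identity, req.destination), set())
    return req.action in allowed

# Constructed sample requests covering the cases where the two models disagree.
SAMPLE_REQUESTS = {
    "api_write": Request("10.20.0.15", SA + "payments-api", "payments-db", "write"),
    "neighbor_same_subnet": Request("10.20.0.77", SA + "web-frontend", "payments-db", "read"),
    "reporting_write": Request("10.20.0.30", SA + "reporting", "payments-db", "write"),
    "api_rescheduled": Request("10.31.4.9", SA + "payments-api", "payments-db", "read"),
    "no_identity": Request("10.20.0.15", None, "payments-db", "read"),
}

def compare() -> dict:
    """Return {case: (legacy_decision, identity_decision)} for every sample."""
    return {n: (legacy_allow(r), identity_allow(r)) for n, r in SAMPLE_REQUESTS.items()}

if __name__ == "__main__":
    for name, (legacy, ident) in compare().items():
        print(f"{name:22} legacy={legacy!s:5} identity={ident}")
```

The subnet rule admits every peer that sits in the zone and rejects the authorized workload once it is rescheduled to a new address; the identity rule decides the same way wherever the workload runs.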