GOST R ISO/IEC 27033-2-2021 PDF

Full title and description

GOST R ISO/IEC 27033-2-2021. Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security. National adoption of the ISO/IEC 27033-2 guidance providing recommendations for planning, designing, implementing and documenting network security measures. Available in Russian and English.

Abstract

This standard gives practical guidance to organisations on how to plan, design, implement and document network security. It describes high-level principles and architectural considerations for protecting networked systems and information flows, helping to translate risk assessments and security policy into appropriate network security requirements, architectures and controls.

General information

• Status: Active / National standard (GOST R adoption).
• Publication date: Introduced 30 November 2021 (approved by Rosstandart order dated 18 May 2021).
• Publisher: Russian Federation national standards system (GOST R) – published domestically (Standartinform / Rosstandart adoption).
• ICS / categories: 35.040 (information coding / IT security related classification).
• Edition / version: GOST R ISO/IEC 27033-2-2021 (national adoption of ISO/IEC 27033-2).
• Number of pages: 28 pages (typical pagination for this part).

Scope

The standard provides guidelines for organisations to plan, design, implement and document network security. It addresses the conversion of business and information security requirements into network security requirements and architectural choices, selection of design techniques, and consideration of operational and management aspects needed to maintain secure network operation. It is intended to be applied across a wide range of network types and organisational contexts and to be used alongside information security management processes.

Key topics and requirements

• Translating organisational security policy and risk assessment into network security requirements.
• Network security architecture concepts and design principles (segmentation, defence in depth, least privilege for network flows).
• Selection and placement of controls to protect network services and communications (access control, boundary protection, secure management planes).
• Design considerations for protecting endpoints, infrastructure devices and communication links.
• Documentation, configuration management and secure deployment practices for network components.
• Operational and management requirements: monitoring, change control, patching, incident handling and review of network security measures.
• Guidance on mapping threats to design techniques and control choices (to be used with risk assessment outputs).

Typical use and users

Used by network architects, security engineers, systems integrators, IT managers, information security officers and auditors. Typical applications include designing secure corporate networks, cloud-connectivity and hybrid environments, specifying network security requirements for procurement, and aligning network architecture with an organisation’s information security management system (ISMS).

Related standards

Part of the ISO/IEC 27000 family of information security standards. Closely related documents include ISO/IEC 27033 parts 1–7 (overview, reference scenarios, gateways, VPNs, wireless, virtualization), ISO/IEC 27001 (ISMS requirements), ISO/IEC 27002 (controls guidance) and ISO/IEC 27005 (risk management). National GOST R documents that adopt other parts of ISO/IEC 27033 are typically companion references.

Keywords

network security, network design, security architecture, guidelines, implementation, documentation, risk-based design, segmentation, boundary protection, ISMS

FAQ

Q: What is this standard?

A: GOST R ISO/IEC 27033-2-2021 is the Russian national adoption of ISO/IEC 27033-2. It provides guidelines for the design and implementation of network security—helping organisations convert security requirements into appropriate network architectures and controls.

Q: What does it cover?

A: It covers high-level guidance on planning, designing, implementing and documenting network security measures, including architectural principles, control selection and operational considerations. It is intentionally generic so it can be applied to many network types and organisational situations.

Q: Who typically uses it?

A: Network architects, security engineers, IT managers, information security officers, system integrators and auditors use it to design secure networks, specify procurement requirements and align network controls with an ISMS.

Q: Is it current or superseded?

A: The GOST R adoption was introduced on 30 November 2021 and is listed as an active national standard. The underlying international document (ISO/IEC 27033-2) originates from the ISO/IEC 27033 series (original international publication 2012 for part 2) and should be checked for any later revisions when strict currency is required.

Q: Is it part of a series?

A: Yes — it is part 2 of the ISO/IEC 27033 series on Network security. The series includes part 1 (overview & concepts) and later parts addressing reference scenarios, gateways, VPNs, wireless and virtualization security.

Q: What are the key keywords?

A: Network security, security architecture, design guidelines, implementation, documentation, segmentation, boundary protection, network controls, ISMS.