Access control: It shall start with IT assets, data, and personnel classification into specific groups, and restrict related access through VLAN.
Access management: access to VLANs shall be restricted by isolating them from one another and dispatching resources into different VLANs, so that a compromised system in one segment does not translate into exploitation of the entire network.
Use of secure remote access methods: any remote access to the institution network or system shall be secured through VPN for any remote access required. Remote access shall be further hardened by limiting the number of IP addresses that are allowed to connect remotely for security and safeness.
