
Network Diagram Segmentation Guide

Last updated on Dec 18, 2025

1. Purpose of This Guide

This guide helps you show that your network is intentionally designed and segmented, not one big flat battlefield.

Network segmentation means:

  • Critical systems are separated from user devices

  • Public-facing services are isolated from internal systems

  • A breach in one area doesn’t automatically spread everywhere else

This artefact proves you’ve thought about network boundaries and put basic defences in place.


2. What You Will Submit

You will submit a network diagram that clearly shows segmentation, such as:

  • A diagram illustrating:

    • Internet connection

    • Firewalls or gateways

    • Segmented networks (e.g. user network, server network, DMZ)

  • Visual separation between:

    • Public-facing services (e.g. web apps)

    • Internal business systems

    • Databases or critical services

This is a visual architecture document, not a configuration screenshot.


3. How to Collect / Obtain / Generate This Evidence

Step 1: Identify Key Network Zones

At a minimum, show:

  • Internet

  • Firewall or security gateway

  • Internal user network

  • Critical systems (servers, databases)

  • Any cloud or hosted environments

If applicable, also include:

  • Management or admin networks

  • IoT or guest networks


Step 2: Draw the Segmentation

Use any tool you’re comfortable with:

  • PowerPoint / Google Slides

  • Draw.io / Lucidchart

  • Visio / Miro

Clearly label:

  • Each network segment

  • Traffic flow direction (arrows help)

  • Where firewalls or controls sit between segments

Clarity matters more than artistic flair.


Step 3: Review for Simplicity

Before saving:

  • Remove unnecessary technical detail

  • Ensure segmentation is obvious at a glance

  • Make sure labels are readable

One clean page is ideal.


4. Evidence Format

Accepted file types

  • PDF

  • PNG

  • JPG

Suggested naming format
YourCompanyName_NetworkDiagram_Segmentation_Date

Example
AcmePteLtd_NetworkDiagram_Segmentation_2025-07-01.pdf


5. What “Good” Looks Like

Your evidence is solid if it shows:

  • Visible element: Clear separation between network zones
    Why it matters: Limits lateral movement during attacks

  • Visible element: Firewalls or gateways between segments
    Why it matters: Demonstrates enforced traffic control

  • Visible element: Public-facing services isolated from internal systems
    Why it matters: Reduces exposure of sensitive assets

  • Visible element: Cloud and on-prem systems clearly labelled
    Why it matters: Shows full environment awareness
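
One way to sanity-check a draft against the zones in Step 1 and the criteria above before drawing the final page. This is an added example, not part of the original guide. The zone names, hosts, flows and the choice of Graphviz DOT as output are illustrative assumptions.

```python
import sys

# Constructed sample model; every zone, host and control name is illustrative.
ZONES = {
    "Internet": ["Internet"],
    "DMZ": ["Web app"],
    "User network": ["Staff laptops"],
    "Server network": ["App server", "Database"],
}
# (source, destination, control on the path or None)
FLOWS = [
    ("Internet", "Web app", "Edge firewall"),
    ("Web app", "App server", "Internal firewall"),
    ("Staff laptops", "App server", "Internal firewall"),
    ("App server", "Database", None),     # same zone, no control expected
    ("Staff laptops", "Database", None),  # crosses zones with no control
]

def zone_of(node, zones=ZONES):
    for zone, members in zones.items():
        if node in members:
            return zone
    raise KeyError(f"{node!r} is not placed in any zone")

def uncontrolled_crossings(flows=FLOWS, zones=ZONES):
    """Return flows that cross a zone boundary without a labelled control."""
    return [(s, d) for s, d, ctl in flows
            if zone_of(s, zones) != zone_of(d, zones) and not ctl]

def to_dot(flows=FLOWS, zones=ZONES):
    """Render the model as Graphviz DOT: one labelled box per zone."""
    out = ["digraph network {", "  rankdir=LR;", "  node [shape=box];"]
    for i, (zone, members) in enumerate(zones.items()):
        out.append(f'  subgraph cluster_{i} {{ label="{zone}";')
        out += [f'    "{m}";' for m in members]
        out.append("  }")
    bad = set(uncontrolled_crossings(flows, zones))
    for s, d, ctl in flows:
        attrs = f'label="{ctl}"' if ctl else ""
        if (s, d) in bad:  # make the gap obvious at a glance
            attrs = 'label="NO CONTROL", color=red'
        out.append(f'  "{s}" -> "{d}" [{attrs}];')
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_dot())
    for s, d in uncontrolled_crossings():
        print(f"review: {s} -> {d} crosses zones with no firewall or gateway",
              file=sys.stderr)
```

If Graphviz is installed, saving the printed output to a file and running `dot -Tpng` on it produces a PNG, one of the accepted file types.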


6. Tips from Sir Stonk 🛡️

  • Flat networks are easy to draw — and easy to break.

  • Don’t over-engineer. Even basic segmentation earns real points here.

A good map doesn’t show every tree.
It shows where the walls are.