Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

demilitarized zone (DMZ)

Abbreviation(s) and Synonym(s):

DMZ

Definition(s):

  An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.
Source(s):
NIST SP 800-41 Rev. 1 under Demilitarized Zone (DMZ)
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) (NIST SP 800-41)

  A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet.
Source(s):
NIST SP 800-44 Version 2 under Demilitarized Zone (DMZ)
NIST SP 800-45 Version 2 under Demilitarized Zone (DMZ)
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) (NIST SP 800-45)

  Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.
Source(s):
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) (CNSSI 4009)

  1. Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance (IA) policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.
Source(s):
CNSSI 4009-2015

  2. A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet.
Source(s):
CNSSI 4009-2015 (NIST SP 800-45 Version 2)

  3. An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.
Source(s):
CNSSI 4009-2015 (NIST SP 800-41 Rev. 1)

  A network created by connecting two firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks.
Source(s):
NISTIR 7711 under Demilitarized Zone