---
layout: handbook-page-toc
title: "NO.2.01 - Network Segmentation Control Guidance"
---
## On this page
{:.no_toc .hidden-md .hidden-lg}
- TOC
{:toc .hidden-md .hidden-lg}
# NO.2.01 - Network Segmentation
## Control Statement
Production environments are logically segregated from non-production environments.
## Context
Lesser environments must exist and be segregated, whether logically or physically, from the production counterparts.
## Scope
This control applies to the GitLab.com and customers.gitlab.com environments. For each, lesser environments in which development and testing occur must be logically segregated from the production environments.
## Ownership
Control Owner:
* `Infrastructure`
Process Owner:
* Infrastructure
## Guidance
Pre-production environments should be logically segregated from their production counterparts. This can be accomplished by hosted them on different hosting providers or logically segregating them by project within the same hosting provider.
## Additional control information and project tracking
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [Network Segmentation control issue](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/issues/854).
### Policy Reference
## Framework Mapping
* ISO
* A.12.1.4
* A.13.1.3
* A.14.2.6
* PCI
* 6.4.1