NIST PR.DS-7: Environment Separation for Development, Testing & Production
Environment separation is a foundational security control that prevents misconfiguration, untested code, and credential exposure from reaching production systems. NIST Cybersecurity Framework control PR.DS-7 requires organizations to maintain distinct development and testing environments isolated from production to reduce risk and ensure system stability.
What this means
PR.DS-7 mandates that development and testing environments operate completely separately from production infrastructure. This isolation prevents developers from accidentally introducing vulnerabilities, deploying untested changes, or exposing production data. Separation includes distinct systems, databases, credentials, network segments, and access controls so that failures or security issues in non-production environments cannot cascade into live systems serving customers.
How to comply
- 1.Document your environment topology, clearly defining dev, test, and production systems with their purposes and data flows.
- 2.Implement network segmentation using firewalls, VLANs, or cloud security groups to prevent direct communication between environments.
- 3.Use separate credentials, API keys, and authentication tokens for each environment—never reuse production secrets in lower environments.
- 4.Establish distinct database instances for each environment and mask or exclude production data from dev/test databases.
- 5.Configure separate code repositories and deployment pipelines so code must be explicitly promoted through approval gates before reaching production.
- 6.Restrict access so developers cannot directly access production systems, and production administrators cannot accidentally modify development infrastructure.
- 7.Implement logging and monitoring for environment access and changes to detect unauthorized cross-environment activity.
- 8.Regularly audit environment configurations to catch drift, misconfigurations, or unintended connections between tiers.
Evidence auditors look for
- Network diagrams or cloud architecture diagrams showing isolated subnets or security groups for dev, test, and production.
- Infrastructure-as-code templates that provision separate environments with distinct parameters and security settings.
- Access control policies or identity management records showing different user roles and permissions per environment.
- Credential management audit logs proving separate secrets are generated and rotated for dev, test, and production.
- CI/CD pipeline configurations documenting approval gates and gates between environment stages.
- Database backup retention and restoration tests performed only in non-production environments.
- Firewall rules or security group policies explicitly blocking inter-environment communication.
- Change management records showing environment-specific test plans before production promotion.
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch tracks environment separation configurations across your cloud and on-premises infrastructure, automatically validates isolation policies, flags credential reuse, and generates audit evidence for PR.DS-7 compliance—eliminating manual spreadsheets and environment audits.
See how GRCWatch handles this control automatically
Start free trial