Concerned with managing the security risks posed by the network environment. Controls at this level include proper network segmentation (for example, assets used by organization A are not visible to organization B) and provision of basic network services such as an accurate and traceable time standard.