IT Network & Device Management
Layer-2 domain pack: grounding network device policies into P/C primitives and composites.
Layer-2
descriptive
grounded
L2-IT-01 — Network Segmentation Defines Operational Boundaries
Statement
Network segmentation establishes logical boundaries that constrain traffic flow, privilege scope, and failure domains.
Primitives
P1 P9 P5Composites
C1 C5Notes
VLANs/subnets/firewalls define crossing conditions; misconfig alters propagation risk.
L2-IT-02 — Access Control Centralizes Authorization Decisions
Statement
Access control systems formalize authorization gates governing device and network resource interaction.
Primitives
P3 P2 P9Composites
C7Notes
IAM, RBAC/ABAC, PAM/jump boxes; privilege scope is a boundary interface.
L2-IT-03 — Security Policies Encode Comparator Hierarchies
Statement
Security policy operationalizes comparator tradeoffs between confidentiality, integrity, availability, performance, and usability.
Primitives
P10 P6 P9Composites
C10 C11Notes
Make constitutional vs operational comparators explicit to avoid ossification.
L2-IT-04 — Monitoring Systems Shape Feedback Loops
Statement
Monitoring/logging define the observable state of the network and bound corrective responsiveness.
Primitives
P6 P4 P5Composites
C3 C8Notes
Alert thresholds and aggregation granularity shape behavior and postmortems.
L2-IT-05 — Misconfiguration Can Produce Threshold Cascades
Statement
Certain configuration changes can trigger nonlinear state transitions due to protocol coupling and amplification.
Primitives
P6 P1 P10 P8Composites
C12Notes
Spanning-tree loops, BGP misroutes, broadcast storms, DNS outages.
L2-IT-06 — Local Optimization Can Alter System-Wide Security Posture
Statement
Subsystem/device-level decisions can shift aggregate risk posture across the network.
Primitives
P7 P6 P10 P1Composites
C10 C5Notes
Exceptions and shadow IT create cross-boundary effects not captured in local ledgers.
L2-IT-07 — Governance Latency Differs from Attack Propagation Speed
Statement
Exploit automation can operate on timescales shorter than formal governance and change-control cycles.
Primitives
P6 P9 P7Composites
C9 C12Notes
Patch cadence vs zero-days; incident response speed is part of stability.
L2-IT-08 — Reversibility Varies by Change Scope and State
Statement
Reversibility depends on state capture, configuration management maturity, and dependency coupling.
Primitives
P8 P6 P1Composites
C9Notes
Rollback paths and tested restore are core to safe change velocity.
Use this pack to map real artifacts (policies, configs, incidents) into the spine. Then run a gap-check: what grounding effects are missing?