Skip to content

Network Security Standard

Organization: FrontRunnerHC, Inc. (FRHC)
Parent Policy Reference: Summit Technology Holdings – Network Security Policy
Framework Reference: Secure Controls Framework – Network Security (NET)


This standard defines how FrontRunnerHC (FRHC) implements the enterprise-wide Network Security requirements established by Summit Technology Holdings, LLC (STH). It documents the specific controls, configurations, and practices used to secure FRHC’s network infrastructure—spanning Microsoft 365, Azure, AWS, and supporting on-premises or hosted environments—against unauthorized access, misuse, and threats.


This standard applies to all FRHC network infrastructure, including cloud environments (Azure, AWS, Microsoft 365), hosted systems, remote access connections, and any third-party or contractor connectivity to FRHC systems. It applies to all employees, contractors, and service providers who operate or connect to FRHC networks.


FRHC implements layered network security controls across its cloud and hosted environments. These include firewalls, network access controls, security group rules in Azure and AWS, and least-privilege network access enforcement. Controls are reviewed periodically and updated in response to emerging threats, audit findings, or changes to the technology environment.

  • Parent Policy Mapping: STH Network Security Policy, Section 3.1
  • SCF Mapping: NET-01 (Network Security Controls (NSC))

FRHC applies network segmentation to isolate systems that process, store, or transmit ePHI and other regulated data from general business systems and non-production environments. In Azure and AWS, segmentation is implemented using Virtual Networks (VNets), subnets, Network Security Groups (NSGs), and equivalent AWS VPC constructs. Production environments are separated from development and staging environments, and direct internet access is restricted to authorized pathways. Lateral movement controls are enforced through segmentation rules.

  • Parent Policy Mapping: STH Network Security Policy, Section 3.2
  • SCF Mapping: NET-06 (Network Segmentation (macrosegmentation))

3.3 Network Intrusion Detection & Prevention

Section titled “3.3 Network Intrusion Detection & Prevention”

FRHC deploys intrusion detection and prevention capabilities through Microsoft Defender for Cloud and equivalent tooling in AWS environments. Alerts are logged, triaged, and escalated to FRHC’s incident response team in accordance with FRHC’s Incident Response Standard. Known malicious traffic is blocked through automated threat intelligence integrations where available. Network monitoring covers both perimeter and internal traffic paths.

  • Parent Policy Mapping: STH Network Security Policy, Section 3.3
  • SCF Mapping: NET-08 (Network Intrusion Detection / Prevention Systems (NIDS / NIPS))

FRHC restricts and controls all remote access to FRHC systems, applications, and data. Remote access is permitted only for authorized personnel and is protected using multi-factor authentication and encrypted communication protocols.

Access is scoped to the minimum required for the user’s role. Remote access to production environments and systems containing sensitive or regulated data, including ePHI, requires explicit authorization. Third-party and contractor remote access is governed through documented agreements and limited to approved connection methods and defined timeframes.

FRHC maintains the capability to immediately terminate remote access sessions and disable credentials when access is no longer required or a security concern is identified.

  • Parent Policy Mapping: STH Network Security Policy, Section 3.4
  • SCF Mapping: NET-14 (Remote Access)

FRHC maintains evidence of firewall and NSG configurations, segmentation architecture diagrams, and intrusion detection alerts and disposition records. IT Security reviews network security controls periodically and after significant changes to the environment. Evidence is retained to support SOC 2 Type II audits and HIPAA Security Rule compliance assessments.


All users (employees, contractors, part-time and temporary workers) and those employed by others to perform work for the organization, or who have been granted access to IT assets or facilities, are covered by this standard and must comply with its associated policies, procedures, standards and guidelines.

Failure to comply with this standard and associated guidelines may result in suspension of use privileges or other disciplinary actions up to and including termination and/or legal action.


Parent Policy:

  • Summit Technology Holdings – Network Security Policy

Regulatory Requirements:

  • HIPAA Security Rule:
    • 45 CFR §164.308(a)(1)(ii)(A) – Risk Analysis
    • 45 CFR §164.312(e)(1) – Transmission Security
  • AICPA SOC 2 Trust Services Criteria:
    • Security (CC6.1, CC7.1)
    • Availability (A1.2)
  • New York SHIELD Act: GBL §899-bb(2)(b)(ii) (Technical Safeguards — Detect, Prevent, and Respond to Attacks or System Failures)

Framework Alignment:

  • NET-01 – Network Security Controls (NSC)
  • NET-06 – Network Segmentation (macrosegmentation)
  • NET-08 – Network Intrusion Detection / Prevention Systems (NIDS / NIPS)
  • NET-14 – Remote Access

RevDescriptionDateApproved
-Policy createdJuly 2021M Machin
1.0Formatting UpdateSeptember 2022WSI
2.0Updated and approved for 2024July 2024WSI
3.0Updated and approved for 2025July 2025M Machin
4.0Converted to StandardApril 2026M Machin
4.1Added NY SHIELD Act citationApril 2026M Machin
4.2Added §3.4 Remote Access (NET-14)June 2026M Machin

Internal Use Only