Network Security Standard
Organization: FrontRunnerHC, Inc. (FRHC)
Parent Policy Reference: Summit Technology Holdings – Network Security Policy
Framework Reference: Secure Controls Framework – Network Security (NET)
1. Purpose
Section titled “1. Purpose”This standard defines how FrontRunnerHC (FRHC) implements the enterprise-wide Network Security requirements established by Summit Technology Holdings, LLC (STH). It documents the specific controls, configurations, and practices used to secure FRHC’s network infrastructure—spanning Microsoft 365, Azure, AWS, and supporting on-premises or hosted environments—against unauthorized access, misuse, and threats.
2. Applicability
Section titled “2. Applicability”This standard applies to all FRHC network infrastructure, including cloud environments (Azure, AWS, Microsoft 365), hosted systems, remote access connections, and any third-party or contractor connectivity to FRHC systems. It applies to all employees, contractors, and service providers who operate or connect to FRHC networks.
3. Standard
Section titled “3. Standard”3.1 Network Security Controls
Section titled “3.1 Network Security Controls”FRHC implements layered network security controls across its cloud and hosted environments. These include firewalls, network access controls, security group rules in Azure and AWS, and least-privilege network access enforcement. Controls are reviewed periodically and updated in response to emerging threats, audit findings, or changes to the technology environment.
- Parent Policy Mapping: STH Network Security Policy, Section 3.1
- SCF Mapping: NET-01 (Network Security Controls (NSC))
3.2 Network Segmentation
Section titled “3.2 Network Segmentation”FRHC applies network segmentation to isolate systems that process, store, or transmit ePHI and other regulated data from general business systems and non-production environments. In Azure and AWS, segmentation is implemented using Virtual Networks (VNets), subnets, Network Security Groups (NSGs), and equivalent AWS VPC constructs. Production environments are separated from development and staging environments, and direct internet access is restricted to authorized pathways. Lateral movement controls are enforced through segmentation rules.
- Parent Policy Mapping: STH Network Security Policy, Section 3.2
- SCF Mapping: NET-06 (Network Segmentation (macrosegmentation))
3.3 Network Intrusion Detection & Prevention
Section titled “3.3 Network Intrusion Detection & Prevention”FRHC deploys intrusion detection and prevention capabilities through Microsoft Defender for Cloud and equivalent tooling in AWS environments. Alerts are logged, triaged, and escalated to FRHC’s incident response team in accordance with FRHC’s Incident Response Standard. Known malicious traffic is blocked through automated threat intelligence integrations where available. Network monitoring covers both perimeter and internal traffic paths.
- Parent Policy Mapping: STH Network Security Policy, Section 3.3
- SCF Mapping: NET-08 (Network Intrusion Detection / Prevention Systems (NIDS / NIPS))
3.4 Remote Access
Section titled “3.4 Remote Access”FRHC restricts and controls all remote access to FRHC systems, applications, and data. Remote access is permitted only for authorized personnel and is protected using multi-factor authentication and encrypted communication protocols.
Access is scoped to the minimum required for the user’s role. Remote access to production environments and systems containing sensitive or regulated data, including ePHI, requires explicit authorization. Third-party and contractor remote access is governed through documented agreements and limited to approved connection methods and defined timeframes.
FRHC maintains the capability to immediately terminate remote access sessions and disable credentials when access is no longer required or a security concern is identified.
- Parent Policy Mapping: STH Network Security Policy, Section 3.4
- SCF Mapping: NET-14 (Remote Access)
4. Compliance & Governance
Section titled “4. Compliance & Governance”FRHC maintains evidence of firewall and NSG configurations, segmentation architecture diagrams, and intrusion detection alerts and disposition records. IT Security reviews network security controls periodically and after significant changes to the environment. Evidence is retained to support SOC 2 Type II audits and HIPAA Security Rule compliance assessments.
5. Enforcement
Section titled “5. Enforcement”All users (employees, contractors, part-time and temporary workers) and those employed by others to perform work for the organization, or who have been granted access to IT assets or facilities, are covered by this standard and must comply with its associated policies, procedures, standards and guidelines.
Failure to comply with this standard and associated guidelines may result in suspension of use privileges or other disciplinary actions up to and including termination and/or legal action.
6. References
Section titled “6. References”Parent Policy:
- Summit Technology Holdings – Network Security Policy
Regulatory Requirements:
- HIPAA Security Rule:
- 45 CFR §164.308(a)(1)(ii)(A) – Risk Analysis
- 45 CFR §164.312(e)(1) – Transmission Security
- AICPA SOC 2 Trust Services Criteria:
- Security (CC6.1, CC7.1)
- Availability (A1.2)
- New York SHIELD Act: GBL §899-bb(2)(b)(ii) (Technical Safeguards — Detect, Prevent, and Respond to Attacks or System Failures)
Framework Alignment:
- NET-01 – Network Security Controls (NSC)
- NET-06 – Network Segmentation (macrosegmentation)
- NET-08 – Network Intrusion Detection / Prevention Systems (NIDS / NIPS)
- NET-14 – Remote Access
7. Revision Tracking
Section titled “7. Revision Tracking”| Rev | Description | Date | Approved |
|---|---|---|---|
| - | Policy created | July 2021 | M Machin |
| 1.0 | Formatting Update | September 2022 | WSI |
| 2.0 | Updated and approved for 2024 | July 2024 | WSI |
| 3.0 | Updated and approved for 2025 | July 2025 | M Machin |
| 4.0 | Converted to Standard | April 2026 | M Machin |
| 4.1 | Added NY SHIELD Act citation | April 2026 | M Machin |
| 4.2 | Added §3.4 Remote Access (NET-14) | June 2026 | M Machin |
