Network & Communications Governance
The Network & Communications Governance module is the governance layer for your network and inter-system communications posture. Network zones, remote access services, network paths between systems, secure transfer channels for data exchange, periodic network rule reviews: each is one record type, anchored to a governed subject, captured for audit-grade traceability.
This module is not your firewall, IDS, routers, or network management system. Those enforce. This module governs the network posture: which zones exist, what the documented intent is, which reviews have been performed, and where the gaps are.
When you would reach for this
You set up network & communications governance when:
- A regulator or framework expects a documented network architecture and periodic review of firewall and access rules.
- Network zones and trust boundaries need to be inventoried and tracked.
- Remote access services (VPN, jump hosts, vendor remote access) need governed records with review cadence.
- Inter-system communications channels (secure file transfer, API integrations, payment rails) need formal posture records.
- Periodic firewall rule reviews need an audit trail rather than living in a spreadsheet.
You don’t reach for this for the enforcement systems themselves. Those have their own consoles and runtime state. This module captures the governance posture above them.
What lives in the module
Five record types:
- Network zone captures a defined trust boundary: a corporate network segment, a DMZ, a production segment, an OT segment.
- Remote access service captures a governed remote access path: VPN, jump host, vendor remote access service, bastion infrastructure.
- Network path captures an inter-system communication path with its endpoints, protocols, and trust expectations.
- Secure transfer channel captures a governed file transfer or data exchange channel with a counterparty.
- Network rule review captures a periodic review of firewall or access rules in a zone or service.
A worked example: a global news publisher governs editorial and distribution networks
A global news publisher operates editorial newsrooms across multiple bureaus, a content management platform, a publication pipeline that feeds digital and print outlets, and a subscriber-facing portal. Its network posture matters: editorial integrity depends on isolating editorial systems from external access; the publication pipeline depends on secure transfer to printers and syndication partners. The infrastructure security lead, Tomáš, sets up Network & Communications Governance like this.
Step 1: inventory zones. Tomáš creates zone records for each defined trust boundary: editorial, content-management, publication-pipeline, subscriber-portal, corporate, partner-syndication-dmz. Each zone has a description, the trust posture, the typical contents, and the responsible owner.
Step 2: remote access services. Each governed remote access path is recorded: the editorial VPN, the production jump host, the vendor remote access service used by the platform’s hardware support vendors. Each has expected users, MFA posture, session recording, and review cadence.
Step 3: network paths between zones. The team documents the intentional paths: editorial → content-management (publication submissions), content-management → publication-pipeline (build process), publication-pipeline → partner-syndication-dmz (export to syndicators). Each path has the protocols, expected volume, and trust expectations. Unauthorized paths are findings.
Step 4: secure transfer channels. Channels for moving content to print partners, advertising data to ad networks, and subscriber data to analytics processors are recorded with the counterparty, the protocol, the cadence, the encryption posture, and the contractual basis.
Step 5: periodic rule reviews. Quarterly, the team conducts firewall rule reviews per zone. Each review captures: which rules exist, which are still needed, which should be removed, which are anomalous. Removal recommendations go into Change Management.
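A sketch of how the Step 3 path register can drive the Step 5 rule review, as an added example that is not part of the product or the original page: each exported firewall rule is reconciled against the documented paths and given one of the three review marks. The rule export format, the protocol and port values, the hit counters, and the classification criteria are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Documented inter-zone paths from the worked example. The protocol/port
# values are constructed for illustration; the page does not list them.
DOCUMENTED_PATHS = {
    ("editorial", "content-management"): {("tcp", 443)},
    ("content-management", "publication-pipeline"): {("tcp", 443)},
    ("publication-pipeline", "partner-syndication-dmz"): {("tcp", 22)},
}

@dataclass(frozen=True)
class Rule:
    rule_id: str
    src_zone: str
    dst_zone: str
    proto: str
    port: int
    hits_last_quarter: int  # hit counter exported from the enforcement device

def classify(rule: Rule) -> str:
    """Assumed criteria: a rule outside the documented paths is anomalous;
    a documented rule with no hits in the quarter is a removal candidate."""
    allowed = DOCUMENTED_PATHS.get((rule.src_zone, rule.dst_zone))
    if allowed is None or (rule.proto, rule.port) not in allowed:
        return "anomalous"
    if rule.hits_last_quarter == 0:
        return "candidate-for-removal"
    return "still-needed"

def review(rules):
    """Return the per-rule marks plus the follow-ups the review generates."""
    marks = {r.rule_id: classify(r) for r in rules}
    findings = sorted(i for i, m in marks.items() if m == "anomalous")
    changes = sorted(i for i, m in marks.items() if m == "candidate-for-removal")
    return {"marks": marks, "findings": findings, "change_requests": changes}

# Constructed sample export for one quarterly review.
SAMPLE_RULES = [
    Rule("fw-001", "editorial", "content-management", "tcp", 443, 18234),
    Rule("fw-002", "publication-pipeline", "partner-syndication-dmz", "tcp", 22, 0),
    Rule("fw-003", "subscriber-portal", "editorial", "tcp", 3389, 12),
    Rule("fw-004", "content-management", "publication-pipeline", "tcp", 8080, 40),
]

if __name__ == "__main__":
    result = review(SAMPLE_RULES)
    for rule_id, mark in result["marks"].items():
        print(rule_id, mark)
    print("findings:", result["findings"])
    print("change requests:", result["change_requests"])
```

Rules marked anomalous correspond to the unauthorized paths that surface as findings, and removal candidates correspond to the recommendations routed into Change Management.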
After a year:
- The network posture is inventoried in a governed register.
- Quarterly reviews surface stale rules for removal.
- An auditor (or an insurer) can be shown the documented architecture and the reviews that maintain it.
What you’ll see in the product
Network & Communications Governance lives under Governance → Network & Communications in the workspace.
Five top-level tabs: Network Zones, Remote Access Services, Network Paths, Secure Transfer Channels, Network Rule Reviews.
Every change is captured in the workspace Audit Log.
Common workflows
Inventorying the network
- Define zones representing your trust boundaries.
- Inventory remote access services with their expected users.
- Document inter-zone paths.
- Inventory transfer channels to and from counterparties.
Running a quarterly rule review
- From the relevant zone or service, create a rule review.
- Walk the rules; mark each as still-needed, candidate-for-removal, or anomalous.
- Removal recommendations become change requests routed to the network operations team.
Adding a new transfer channel
- Secure Transfer Channels → New. Counterparty, protocol, cadence, encryption posture, contractual basis.
- Link to the party engagement if applicable.
Related
- Access - remote access service governance feeds access oversight.
- Change Management - firewall changes go through change requests.
- Party Engagements - transfer channels often involve a counterparty.
- Findings - anomalous rules and unauthorized paths surface as findings.