Demilitarized zone

nounid 2280·updated May 12, 2026

candidate

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

polysemousMWE

Classifications

per-axis with provenance

Entity Type

Network0%rule-basedmulti_axis_classifier_low_confidence.v1

Sensitivity

—85%llm-generatedllm:claude-haiku-4-5

Information Class

—90%llm-generatedllm:claude-haiku-4-5

Variants

4 surface forms

acronym: DMZ
plural: Demilitarized zones
possessive: Demilitarized zone's
pluralpossessive: Demilitarized zones'

Framework definitions

8 senses across 6 frameworks

SANS Glossary of Security Terms1 senseview framework →

§1: In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. DMZ's help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. DMZ's provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.

ISACA Cybersecurity Glossary1 senseview framework →

§1: A screened (firewalled) network segment that acts as a buffer zone between a trusted and untrusted network Scope Note: A DMZ is typically used to house systems such as web servers that must be accessible from both internal networks and the Internet.

NISTIR 7298: Glossary of Key Information Security Terms, Revision 23 sensesview framework →

§1: An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.
§2 · sense_2_pending_review: A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet.
§3 · sense_3_pending_review: Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

CNSSI-4009 (Glossary of Information Assurance Terms)1 senseview framework →

§1: Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

NIST SP 800-411 senseview framework →

§1: An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.

NIST SP 800-451 senseview framework →

§1: A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet.

Outgoing relationships

term as subject — 0 triples

No outgoing triples

This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 0 triples

No incoming triples

No other term currently asserts a relationship to this one.