Industrial Demilitarized Zone (IDMZ)

Industrial/ICS 🏭 • Difficulty: premium

Definition

An IDMZ is a dedicated network zone between the enterprise IT network and the OT control network that brokers data exchange and remote access through tightly controlled services, so that no enterprise host ever connects directly to an industrial asset.

Examples

  • A reporting server in the IDMZ receives summarized historian data from OT and then publishes dashboards to IT users, with no direct IT access to PLCs or HMIs.
  • All remote vendors first land on a jump host in the IDMZ with MFA and recording; from there, time-limited access is approved to Level 3 maintenance systems.

Discover 🔎

The Industrial DMZ (commonly labeled Level 3.5, sitting between the Purdue Model's Level 3 site operations and Level 4 enterprise network) is a buffer network that separates business IT from the operational technology (OT) network. Instead of allowing direct paths to controllers and HMIs, the IDMZ hosts brokered services (jump hosts, data replication and reporting, patch and update staging) so information can flow without exposing real-time control systems. Two properties make the design work. First, every connection terminates inside the IDMZ rather than passing through it: there is a firewall on the enterprise side and another on the OT side, and no rule on either permits a direct IT-to-OT flow. Second, data leaves the control network because an OT system pushes it to a broker in the IDMZ, not because an enterprise host reaches in to pull it, so control protocols such as Modbus/TCP or EtherNet/IP never appear above the OT-side firewall.
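
A practical way to check the "no direct path" property described above is to lint the firewall policy on both sides of the IDMZ for rules that defeat the brokered design. The Python below is an added example, not code from the original page or from any vendor; the zone names, the Rule format, the host names and the sample policy are constructed for illustration, and matching on TCP destination port is a simplification of real firewall objects. The registered port numbers for the named control protocols are the only non-constructed values.

```python
"""Lint a simplified IDMZ firewall policy for rules that defeat the brokered design.

Added example, not code from the original page. Zone names, the Rule format,
host names and the sample policy are constructed for illustration; the
CONTROL_PORTS values are the registered ports for those protocols.
"""
from dataclasses import dataclass

ENTERPRISE, IDMZ, OT = "enterprise", "idmz", "ot"
ANY = "any"

# Industrial control protocols. These must never be reachable from the
# enterprise side, and should not be initiated from the IDMZ into OT either:
# in a brokered design the OT historian pushes data up to the IDMZ replica.
CONTROL_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    src: str        # host name, or ANY for the whole zone
    dst_zone: str
    dst: str
    dport: int      # TCP destination port
    action: str     # "permit" or "deny"


def lint(rules):
    """Return (rule name, reason) pairs for every rule that violates an IDMZ invariant."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        # 1. Every flow terminates in the IDMZ: no enterprise<->OT rule in either direction.
        if {r.src_zone, r.dst_zone} == {ENTERPRISE, OT}:
            findings.append((r.name, "direct enterprise<->OT path bypasses the IDMZ"))
        # 2. Control protocols are not initiated from the IDMZ into the control network.
        if r.src_zone == IDMZ and r.dst_zone == OT and r.dport in CONTROL_PORTS:
            findings.append((r.name, f"{CONTROL_PORTS[r.dport]} initiated from IDMZ into OT; "
                                     "let the OT system push to the broker instead"))
        # 3. Whatever does reach OT comes from a named broker host, not a whole zone.
        if r.dst_zone == OT and r.src == ANY:
            findings.append((r.name, "zone-wide source permitted into OT; pin the source to a broker host"))
    # 4. Deny by default: the policy ends with an explicit deny-all so nothing falls through.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.src == ANY and last.dst == ANY):
        findings.append(("<policy>", "no explicit final deny-all rule"))
    return findings


def violating_rules(rules):
    """Names of rules (or '<policy>') flagged by lint()."""
    return {name for name, _ in lint(rules)}


# Constructed sample policy: a brokered design, plus two rules that break it.
GOOD_RULES = [
    Rule("historian-push", OT, "hist-l3", IDMZ, "hist-replica", 443, "permit"),  # OT pushes summaries up
    Rule("it-dashboards", ENTERPRISE, ANY, IDMZ, "report-srv", 443, "permit"),   # IT reads from the replica
    Rule("vendor-gateway", ENTERPRISE, ANY, IDMZ, "jump-01", 443, "permit"),     # vendors land on the jump host
    Rule("jump-to-l3", IDMZ, "jump-01", OT, "eng-ws-01", 3389, "permit"),        # recorded session into Level 3
]
DENY_ALL = Rule("deny-all", ANY, ANY, ANY, ANY, 0, "deny")
BAD_RULES = [
    Rule("analyst-to-plc", ENTERPRISE, "analyst-pc", OT, "plc-01", 502, "permit"),  # IT straight to a PLC
    Rule("report-polls-plc", IDMZ, "report-srv", OT, "plc-01", 502, "permit"),      # IDMZ polls Modbus inward
]

if __name__ == "__main__":
    for name, reason in lint(GOOD_RULES + BAD_RULES + [DENY_ALL]):
        print(f"{name}: {reason}")
```

Run as a script it prints the two offending rules; the good policy alone produces no findings. The checks are deliberately structural (zone pairs, direction, source scope, final deny) rather than signature-based, because those are the properties that keep the IDMZ a broker instead of a router with extra hops.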
