An air-gapped system is physically isolated from all networks — no wired or wireless connection to other systems or the internet exists. Data enters and leaves exclusively through controlled removable media.
In an ISMS, air-gapping represents the strongest form of network segmentation and is relevant to ISO 27001 Annex A control A.8.22 (Network Segmentation). Typical use cases include backup systems (immutable backups), industrial control systems (OT/SCADA), and highly sensitive key management systems. The challenge lies in controlled data transfer: every removable medium that bridges the gap must be scanned for malware. USB-based attacks such as BadUSB can also compromise air-gapped systems.