Sub-Requirements 1.1.1, 1.1.8 and 1.1.9

• 1.1.1 A formal process for approving and testing all external network connections and changes to the firewall configuration
• 1.1.8 Quarterly review of firewall and router rule sets
• 1.1.9 Configuration standards for routers

Illustrative Controls and the TIBCO LogLogic Solution

Administrators must identify all changes to firewall and router configurations and ensure that a formal process is in place for all changes, including management approval and testing for all changes to external network connections and the firewall configuration. Administrators must also ensure all changes are authorized and that rule sets are periodically reviewed. The most efficient way to identify configuration changes is at the time of the modification. Administrators should setup alerts so that any changes to the configuration, authorized or otherwise, are detected.

Administrators must also periodically review all firewall rules to ensure accurate access control lists. In addition, administrators must review network traffic correlated with the firewall policy to ensure appropriate access control rules are used to protect the environment.

Reports and Alerts

Refer TIBCO LogLogic Reports and Alerts Quick Reference to see the 1.1.1, 1.1.8, 1.1.9 reports and alerts.