Summer Regulatory Summit eBook

1. Firewalls – Reporting and Monitoring

o Does the Organization have access to the firewall?
o If the firewall protecting Internet traffic is managed by a third party, either onsite or at the third-party location, does the Organization have read-only rights?
o Does internal staff or the managed service provider (MSP) audit firewall activity on at least a quarterly basis?

CONTROL

o NIST 800-53: AU-6 – Audit Review, Analysis, and Reporting; SC-7 – Boundary Protection
o FFIEC CAT Baseline – Domain 3: Threat and Vulnerability Detection (quarterly audits)

GUIDANCE

© SBS CyberSecurity, LLC www.sbscyber.com
