Skip to content
 

Firewall documentation question

Question: 
In a recent FDIC exam report, we were asked to develop a firewall policy. As I understand it, this will simply outline the firewalls and provide addresses. We have a schematic, but I sense the FDIC is expecting something else. Any suggestions?
Answer: 

According to NIST (the National Institute of Standards and Technology, part of the U.S. Department of Commerce), a firewall policy is a description of how the information security policy will be implemented by the firewall and associated security mechanisms. The policy, drafted after an appropriate risk analysis, should:

  • dictate how the firewall should handle applications traffic (such as email, Web access, telnet); and
  • describe how the firewall is to be managed and updated.

You will find a great deal of helpful information in the NIST publication Guidelines on Firewalls and Firewall Policy.

First published on BankersOnline.com 1/31/05

First published on 01/31/2005

Filed under: 
Security
Technology
Filed under security as: 
Applications
FDIC
IT
Security
Technology
Filed under technology as: 
Applications
FDIC
IT
Security
Technology

Report a problem with this page

Search Topics