>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

NO-01Network Policy Enforcement Points

>Control Description

Network traffic to and from untrusted networks passes through a policy enforcement point; firewall rules are established in accordance with identified security requirements and business justifications.

Theme

Technology

Type

Preventive

Policy/Standard

Network Security Standard

>Implementation Guidance

1. Ensure that necessary process and documentation are established for network traffic management. 2. Ensure necessary requirements are defined for managing network traffic to and from untrusted networks in the policy. 3. Ensure firewall rules are established to determine specific configuration requirements have been documented for network devices within the policy.

>Testing Procedure

1. Inspect Network Security Policy and/or Standard to determine whether requirements have been defined for managing network traffic to and from untrusted networks. 2. Review firewall rules to ensure they are defined according to the requirements of the organization.

>Audit Artifacts

E-NO-01
E-NO-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
1

PR.PT-4

CIS Controls
3

4.4
4.5
12.5

ISO 27002:2022
1

8.2

FedRAMP Rev 5
6

CA-03
CM-07
SC-05
SC-07
SC-07 (04)
SI-04 (04)

PCI DSS
1

1.2

HIPAA Security Rule
1

164.312(c)(1)

SOC 2
1

CC6.6

Cyber Essentials
1

FW

BSI C5
7

COS-01
COS-03
COS-04
COS-05
COS-06
COS-08
+1 more

TX-RAMP
6

CA-3
CM-7
SC-5
SC-7
SC-7(4)
SI-4(4)

Ask AI

Configure your API key to use AI features.