Firewall Audit Work Program
A firewall is a system or group of systems that enforces an access control policy between two or more networks. Given the sensitive roles firewalls play in network infrastructure, how they are administered and maintained is critical.
This tool provides four sample work programs that were designed to provide guidance for your next firewall audit.
Audit objectives for these work programs include obtaining network diagrams illustrating firewall connections and segmentation on the network; obtaining network diagrams from the network administrator to gain an understanding of the network environment; determining if the expectations/goals/strategies of the firewall have been identified and are sound; meeting with the systems manager to define the functional purpose of each firewall; and verifying that the firewalls have been configured to match their functional purpose.