Audit Questionnaires
WP Ref.:
Assignment:        Date:
Audit Step | Preparer | Reviewer | WP ref.
1.1 Review information security policy for policies and procedures directly
related to the management and operation of the firewall.
1.2 Determine the procedure by which the firewall rules are reviewed on a
periodic basis to ensure they are driven by valid business requirements.
1.3 Determine if access to the firewall and perimeter routers is controlled by
ACLs and/or IP-based access controls.
1.7 Review hardening procedures for firewall systems and perimeter routers.
1.12 Assess policies and procedures for business arrangement changes (e.g.
mergers, acquisitions, joint ventures, etc.) and how they are integrated into
the existing firewall rules.
2.1 Review policies and procedures to ensure the integrity of
firewall logs.
2.2 Review log retention and deletion policies and procedures.
2.3 Review policies and procedures for parsing and alerting of logged security
events in real-time.
    o Ensure that the network vulnerability scan is logged and activates an
      alert.
2.4 Review policies and procedures for logging users' authorized and
unauthorized system activity.
2.5 Assess whether the firewall is being monitored for availability and
performance requirements.
3.1 Review and assess firewall rules and documentation.
3.2 Review and assess what services are allowed through the firewall, and their
business requirements.
3.3 Review and assess firewall DMZ structure for proper segmentation of traffic
and controls.