1.1.1.a Examine documented procedures to verify there is a
formal process for testing and approval of all:
• Network connections and
• Changes to firewall and router configurations
1.1.1.b For a sample of network connections, interview
responsible personnel and examine records to verify that
network connections were approved and tested
1.1.1.c Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested.
A documented and implemented process for
approving and testing all connections and
changes to the firewalls and routers will help
prevent security problems caused by
misconfiguration of the network, router, or firewall.
Without formal approval and testing of changes,
records of the changes might not be updated,
which could lead to inconsistencies between
network documentation and the actual
configuration.