Network restrictions are used to ensure the confidentiality, integrity and availability of a company’s network, network devices and information assets. Firewalls are not the end solution to meeting information security. They are, however, part of a defense-in-depth approach to an effective information security infrastructure. Testing includes performing a vulnerability and penetration test semiannually and reviewing all access control lists and firewall rules semiannually for verification of validity.
The purpose of this sample policy is to ensure that all company network devices and firewalls are properly identified and configured.