Description:
...
Firewall rule needs to be for a valid University business purpose.
Firewall rule needs to be reviewed and approved by the Information Security Officer.
Firewall rule needs to be assigned a “Requestor” and will be audited annually.
...
1. A Tracker ticket is submitted by a firewall rule Requestor. A "Requestor" may be any member of the campus community who meets the above requirements and is an employee or affiliate (e.g. FSA).
2. The Tracker ticket is automatically assigned to the ISO and Network Design and Development Manager for review. Reviews may expand to include the Fredonia Security Operations team or ITS leadership should additional consultation become necessary.
3. Upon review, a Nessus Vulnerability Management scan (non-credentialed) of the source and/or destination hosts will be completed by the ISO. NOTE: All new virtual and physical hosts are required to complete the ITS Service Production Certification Checklist.
4. Upon approval from the ISO, the Firewall Audit Register will be completed internally and the following information will be collected to conduct annual audits moving forward:
Request Date
Requestor
Ticket #
Reason
Source
Destination ports
Firewall affected
ISO approval
Approval date
Rule created by
Created date
5. The firewall rule is completed by the Network Design and Development Manager. (Requestor - "First Name Last Name" will be annotated in the Comments section of the rule.)
...