Description:
...
A Tracker ticket is submitted by a firewall rule Requestor. A "Requestor" may be any member of the campus community that meets the above requirements and is an employee or affiliate (e.g. FSA).
The Tracker ticket is automatically assigned to the ISO and Network Design and Development Manager for review. Reviews may expand to include the Fredonia Security Operations team or ITS leadership should additional consultation become necessary.
Upon review, a Nessus Vulnerability Management scan (non-credentialed) of the source and/or destination hosts will be completed by the ISO. NOTE: All new virtual and physical hosts are required to complete the ITS Service Production Certification Checklist.
Upon approval from the ISO, the Firewall Audit Register will be completed internally and the following information will be collected to conduct annual audits moving forward:
Request Date
Requestor
Ticket#
Reason
Source
Destination ports
Firewall affected
ISO approval
Approval date
Rule created by
Created date
...
The firewall rule is completed by the Network Design and Development Manager (Requestor - "First Name Last Name" will be annotated in the Comments section of the rule.)
...
The Tracker ticket is updated to notify the requestor of the approval and completion of the request. If the request is denied, the ticket will be updated accordingly.
...
Firewall rules will be deprovisioned upon request, if a security issue necessitates such action, or if the rule is no longer needed by the requestor.
Note: A “Requestor” is responsible for demonstrating the valid business purpose for the firewall rule and participating in the annual firewall rule audit. The original "Requestor" is responsible for informing the Information Security Office (security@fredonia.edu) of any changes in personnel or if the rule is obsolete so that it can be removed.