IOMG Technical Standards: Firewalls
- Best practice for data access and traffic control to be forefront to any design
- Least Privilege will be applied by design
- Traffic will be blocked by default and only specific traffic allowed
- Allowed traffic is required to specify source, destination, ports and application where appropriate.
- Segmentation will be used to enforce controls
- For Web Application firewalls specific attention will be paid to protection from known web-based attacks in line with the published vulnerability lists
- All staff with write access to firewalls must hold a valid appropriate professional certification
