Please note: This sample shows only a section of the complete Gap Assessment tool.
VERSION: [1]
DATED: [Enter date here]
APPROVAL: [Enter name of approver here]
Gap Assessment Tool
CONTROLS | COMPLIANT? | ACTION NEEDED FOR COMPLIANCE | ACTION OWNER | POSSIBLE EVIDENCE
Control 1: Firewalls
• A firewall is in place to protect the internal network from the internet.
• The administrator password of the firewall(s) has been changed from the default.
• The firewall rules (defining traffic that is allowed or denied a route through the firewall) have been documented and approved.
• Vulnerable network services are blocked unless explicitly required.
• Changes to firewall rules are controlled and documented.
• Firewall rules are reviewed on a regular basis to ensure they remain appropriate.
• Only devices that need access to the internet are allowed to connect to it.
• The admin interface of the firewall is only accessible from within the internal network.
COMPLIANT? / POSSIBLE EVIDENCE:
Yes, Yes: Network Diagram; Network Security Policy; Password Policy
Yes: Firewall Configuration Standard
Yes: Firewall Configuration Standard
Yes, Yes: Firewall Rule Change Log; Firewall Rule Change Process; Firewall Review Form
Yes: Configuration Standard
Yes: Information Security Policy
Total: 8