VERSION: [1]
DATED: [Enter date here]
APPROVAL: [Enter name of approver here]
Gap Assessment Tool
CONTROLS
COMPLIANT?
ACTION NEEDED FOR COMPLIANCE
ACTION OWNER
POSSIBLE EVIDENCE
Control 1: Firewalls
• A firewall is in place to protect the internal network from the internet.
• The administrator password of the firewall(s) has been changed from the default.
• The firewall rules (defining traffic that is allowed or denied a route through the firewall) have been documented and approved.
• Vulnerable network services are blocked unless explicitly required.
• Changes to firewall rules are controlled and documented.
Yes
• Firewall rules are reviewed on a regular basis to ensure they remain appropriate.
• Only devices that need access to the internet are allowed to connect to it.
• The admin interface of the firewall is only accessible from within the internal network.
Total:
8
Yes
Network Diagram; Network Security Policy; Password Policy
Yes
Firewall Configuration Standard
Yes
Firewall Configuration Standard
Yes Yes
Firewall Rule Change Log; Firewall Rule Change Process; Firewall Review Form
Yes
Configuration Standard
Yes
Information Security Policy
Control 2: Secure Configuration
• All user accounts have been verified as active and required on all computers in the internal network, and inactive ones have been removed.
• All default passwords have been changed.
20/04/2026
Yes
Configuration Standard
Yes
Password Policy