University of Minnesota  Appendix

Network Firewall Standard


Expand all


Table of Contents

TOC placeholder

Governing Policy


Please use the contact section in the governing policy.


To ensure authorized access and to prevent unauthorized access to University information and IT resources, select networked systems must be protected through the use of network firewalls. Network firewalls reduce risk by restricting access to those who require access to the system, application, or data.

Security Controls

Network Firewall

The following table defines the baseline security controls for network-based firewalls.

Control Security Level
ID Description High Medium Low
NF.A.01 Segmentation of traffic with a dedicated network firewall Required Recommended Optional
NF.A.02 Enable in default deny mode (deny all traffic) and permit the minimum necessary services Required
Effective July 2019
Effective July 2019
Effective July 2019
NF.A.03 Document the firewall rules including purpose, justification, and approvals for use of all services, protocols, and ports allowed. For insecure protocols, include the additional security features implemented for the protocol Required Required
Effective July 2019
NF.A.04 Configure network to deny all traffic upon firewall failure Required
Effective July 2019
Effective July 2019
Effective July 2019
NF.A.05 Review usage of firewall rules and remove rules that are no longer needed (suggest: annual)1 Required Recommended Recommended

1 PCI DSS requires a review of firewall rules every 6 months for all systems that store, process or transmit cardholder data, or support the credit card processing environment.

Resources Covered

This applies to IT resources owned or contracted by the University.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

Published Date

November 2014

Last Reviewed

April 2019