Printed on: 12/14/2019. Please go to http://policy.umn.edu for the most current version of the Policy or related document.
University of Minnisota  Appendix

Network Firewall Standard

Appendix to Policy

Objective

To ensure authorized access and to prevent unauthorized access to University information and IT resources, select networked systems must be protected through the use of network firewalls. Network firewalls reduce risk by restricting access to those who require access to the system, application, or data.

Security Controls

Network Firewall

The following table defines the baseline security controls for network-based firewalls.

ControlSecurity Level
IDDescription High Medium Low
NF.A.01 Segmentation of traffic with a dedicated network firewall Required Recommended Optional
NF.A.02 Enable in default deny mode (deny all traffic) and permit the minimum necessary services Required
Effective July 2019
Required
Effective July 2019
Required
Effective July 2019
NF.A.03 Document the firewall rules including purpose, justification, and approvals for use of all services, protocols, and ports allowed. For insecure protocols, include the additional security features implemented for the protocol Required Required
Effective July 2019
Recommended
NF.A.04 Configure network to deny all traffic upon firewall failure Required
Effective July 2019
Required
Effective July 2019
Required
Effective July 2019
NF.A.05 Review usage of firewall rules and remove rules that are no longer needed (suggest: annual)1 Required Recommended Recommended

1 PCI DSS requires a review of firewall rules every 6 months for all systems that store, process or transmit cardholder data, or support the credit card processing environment.

Resources Covered

This applies to IT resources owned or contracted by the University.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

Published Date

November 2014

Last Reviewed

April 2019

Document Feedback

Information Technology