1. Firewalls

Secure your network boundaries.

The aim of this control is to ensure that network services are protected from unauthorised access.

This control expects organisations to:

  • Change default administrative passwords to ones that are difficult to guess, or disable remote administrative access entirely.

  • Disable administrative access from the internet unless there is a legitimate business need for it. Where such access is required, protect it with multi-factor authentication or an IP allow list.

  • Block unauthenticated inbound connections by default.

  • Ensure inbound firewall rules are approved and documented by an authorised individual with the business need for the rule stated.

  • Remove or disable unneeded firewall rules as soon as they are no longer required.

  • Ensure devices have a software firewall installed and enabled if they will be used on untrusted networks, such as public Wi-Fi.
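The expectations above can be turned into a repeatable check over a documented rule list. The script below is an added example and not part of the original page: the rule fields, the set of ports treated as remote-administration services, and the sample rules are assumptions chosen for illustration. It flags a non-drop default inbound policy, an administration port reachable from the whole internet without MFA or an allow list, rules with no approver or stated business need, and rules whose review date has passed.

```python
"""Audit inbound firewall rules against the 'Firewalls' control expectations.

Added example, not code from the original page. The rule schema, ADMIN_PORTS
and the sample ruleset are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple

# Ports treated as remote-administration services (assumption for this example).
ADMIN_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc", 8443: "mgmt-https"}


@dataclass
class Rule:
    name: str
    dst_port: int
    source: str                        # CIDR; 0.0.0.0/0 or ::/0 means "any source"
    approved_by: str = ""              # authorised individual who approved the rule
    business_need: str = ""            # stated reason the rule exists
    review_by: Optional[date] = None   # date after which the rule must be re-justified
    mfa: bool = False                  # service behind the port enforces MFA


@dataclass
class Ruleset:
    default_policy: str                # inbound default: "drop" or "accept"
    rules: List[Rule]


def is_internet(source: str) -> bool:
    """True when the source matches every address, i.e. there is no allow list."""
    return ip_network(source, strict=False).prefixlen == 0


def audit(ruleset: Ruleset, today: date) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs; an empty list means the ruleset passes."""
    findings = []
    if ruleset.default_policy != "drop":
        # Unauthenticated inbound connections are not blocked by default.
        findings.append(("<default>", "DEFAULT_ALLOW"))
    for r in ruleset.rules:
        if r.dst_port in ADMIN_PORTS and is_internet(r.source) and not r.mfa:
            # Admin service open to the internet without MFA or an IP allow list.
            findings.append((r.name, "ADMIN_EXPOSED"))
        if not r.approved_by or not r.business_need:
            # No authorised approver or no stated business need recorded.
            findings.append((r.name, "UNDOCUMENTED"))
        if r.review_by is not None and r.review_by < today:
            # Past its review date: remove or disable unless re-justified.
            findings.append((r.name, "EXPIRED"))
    return findings


def sample_ruleset() -> Ruleset:
    """Constructed sample rules (not real infrastructure) exercising each check."""
    return Ruleset(
        default_policy="drop",
        rules=[
            Rule("web-https", 443, "0.0.0.0/0", "j.smith", "public website",
                 date(2026, 12, 31)),
            Rule("ssh-from-internet", 22, "0.0.0.0/0", "j.smith", "admin",
                 date(2026, 12, 31)),                      # flagged: ADMIN_EXPOSED
            Rule("ssh-from-office", 22, "203.0.113.0/24", "j.smith", "admin from office",
                 date(2026, 12, 31)),                      # allow-listed: passes
            Rule("rdp-with-mfa", 3389, "0.0.0.0/0", "a.jones", "remote support gateway",
                 date(2026, 12, 31), mfa=True),            # MFA in front: passes
            Rule("temp-vendor", 8080, "0.0.0.0/0", "", "",
                 date(2024, 1, 15)),                       # flagged: UNDOCUMENTED, EXPIRED
        ],
    )


if __name__ == "__main__":
    for name, finding in audit(sample_ruleset(), date(2025, 6, 1)):
        print(f"{finding:<14} {name}")
```

Run it against an export of the real rule list and treat every finding as an action: add the missing approver and business need, put MFA or an allow list in front of exposed administration ports, and remove rules that have passed their review date.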
