>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

NO-15Traffic Flow

>Control Description

Organization documents the approved traffic flow at each managed interface and configures the managed interface accordingly. Exceptions to traffic flow are documented, reviewed periodically, and removed when there is no longer a business requirement.

Theme

Process

Type

Preventive

Policy/Standard

Network Security Standard

>Implementation Guidance

1. Ensure a process is defined and documented for managing traffic flow at each interface. 2. Ensure all managed interfaces are configured as per the approved traffic flow. 3. Ensure all exceptions are documented, reviewed periodically, and removed when there is no longer a business requirement.

>Testing Procedure

1. Inspect and validate whether a process is defined and documented for managing traffic flow at each interface. 2. Validate for a sample of managed interface that it is configured as per the approved traffic flow. 3. Validate for a sample of exceptions whether they were documented, reviewed periodically, and removed when there was no longer a business requirement.

>Audit Artifacts

E-NO-01
E-NO-18
E-SG-04

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
1

12.4

ISO 27002:2022
1

8.21

FedRAMP Rev 5
1

AC-04

PCI DSS
2

1.3.1
1.3.2

TX-RAMP
1

AC-4

Ask AI

Configure your API key to use AI features.