UnixTime

Research Note

A.8.22 Audit Checklist

Use this checklist during an internal audit of network zones, inter-zone controls, wireless segregation, segmentation tests, and exceptions.

On this page

When to use this

Use this checklist during an internal audit of network zones, inter-zone controls, wireless segregation, segmentation tests, and exceptions.

Audit checklist

  • Enumerate network zones.
  • Verify zone purpose and risk basis.
  • Review systems and services assigned to zones.
  • Review inter-zone connection rules.
  • Check firewall/routing/security group enforcement.
  • Review segmentation test evidence.
  • Review wireless network risk assessment.
  • Check performance or operational exceptions.
  • Check cloud and virtual network segregation.

Findings table

Zone/control Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 22

Note Metadata

Aliases: A.8.22 Network Segregation Audit Checklist

Source: 90 Templates/A.8.22 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.