When to use this
Use this record to review firewall, router, switch, VPN, wireless, SD-WAN, load balancer, or virtual network device configuration and changes.
Related controls
Review checklist
- Device owner identified.
- Management access restricted.
- Shared/default accounts removed or justified.
- Secure management protocol used.
- Logging enabled and forwarded where required.
- Configuration backup exists.
- Firewall/routing rules have owner and purpose.
- Broad rules are justified.
- Recent changes have approval.
- Firmware/software support status reviewed.
Review record
| Device/service | Configuration area | Expected control | Observed state | Gap | Action owner | Due date |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Network security
- Configuration management
Note Metadata
Aliases: Network Configuration Review
Source: 90 Templates/Network Device Configuration and Change Review.md
Related Notes
- A.8.20 Audit Evidence Pack
- ISO 27001 A.8.15 - Logging
- ISO 27001 A.8.20 - Networks Security
- ISO 27001 A.8.9 - Configuration Management
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.20 Audit Checklist
- Templates MOC