Answer:
According to NIST (the National Institute of Standards and Technology, part of the U.S. Department of Commerce), a firewall policy is a description of how the information security policy will be implemented by the firewall and associated security mechanisms. The policy, drafted after an appropriate risk analysis, should:
- dictate how the firewall should handle applications traffic (such as email, Web access, telnet); and
- describe how the firewall is to be managed and updated.
You will find a great deal of helpful information in the NIST publication Guidelines on Firewalls and Firewall Policy.
First published on BankersOnline.com 1/31/05
print
share