3.1 Ensure that unused policies are reviewed regularly

Information

All firewall policies should be reviewed regularly to verify the business purpose. Unused policies should be disabled and logged.

Recommendation to review twice per year or inline with BCP practice (Business Continuity Plan). Some of the firewall policies will only be used during BCP, hence, the hit count might show 0 if the review is done too often.

By reviewing policies regularly, we can determine if the policies are still needed by the business purpose. Thus, we can keep the firewall policies lean and efficient. It also prevents traffic being allowed or blocked accidently.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

The remediation is to review and decide if you should delete unused policies.

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2, CSCv7|11.2

Plugin: FortiGate

Control ID: 2a2b75bb6997f3b58599d7e1fb9a7b60ca74efd9d94bbf86fabb9297c0a7f078