Compliance training and self-attestation for Firewall Administrators

Cyberattacks against educational institutions have increased nearly 50% since 2021. Attacks against institutions like the University of Wisconsin result in enormous resource costs, including lost intellectual property, reduced staff productivity, tarnished brand reputation and more.

Because of this, it is imperative that we remain secure behind a firewall (both physical and virtual) with proper Palo Alto infrastructure configuration. With this in mind, and in adherence to UW policy 1038, the team has developed a comprehensive self-attestation plan for firewall administrators. By implementing a self-attestation plan, UW can enhance our collective security posture, identify potential vulnerabilities, and maintain a robust defense against cyber threats.

Key components of the plan

The following is an overview of the key components involved in our self-attestation plan for firewall administrators.

Baseline rules and standard definition

Establish clear and comprehensive baseline rules and standards for firewall administration. This document outlines the desired security objectives, defines acceptable configurations, and provides guidelines for managing firewall access control lists and other security settings.

Self-assessment process

Define a structured self-assessment process that firewall administrators will follow on a regular basis. This process typically involves a review of firewall configurations, rule sets, access controls, logging mechanisms, and other relevant security parameters. View and submit the Firewall baseline attestation form here.

Checklist creation

Develop a checklist or questionnaire that covers various aspects of firewall administration. The checklist (updated by the UW Cybersecurity Office) should include key areas such as rule management, authentication mechanisms, intrusion prevention systems, logging and monitoring, and firewall updates and patching. Firewall administrators can use this checklist to systematically evaluate their adherence to security practices.

Frequency and schedule

Depending on the organization’s risk tolerance and regulatory requirements, self-assessments will be conducted periodically. Establish a schedule for the self-assessment and validation process, including specific dates or time frames when firewall administrators should complete their assessments.

Remediation plan

When deviations or vulnerabilities are identified during the self-assessment process, establish a clear remediation plan. This plan should outline the steps required to address identified issues, assign responsibilities to appropriate personnel, and set deadlines for resolution. Prioritize critical vulnerabilities that pose a significant risk to UW’s security profile.

Documentation and reporting

Maintain thorough documentation of self-assessment activities, including the checklist results, identified vulnerabilities, remediation efforts, and their outcomes. This documentation provides a historical record of the security posture of the firewall infrastructure and helps track progress over time. Additionally, generate reports summarizing the self-assessment findings, areas of concern, and recommendations for improving security measures. Some of these reports will also be included in the Deans IT Security Dashboard.

Training and awareness

Ensure that firewall administrators receive up-to-date training related to firewall administration best practices, security requirements, technologies, and emerging threats.

Continuous improvement

Regularly review and update policies, standards, and procedures based on lessons learned and the changing security landscape. Incorporate feedback from firewall administrators and other relevant stakeholders to refine the self-attestation plan.

Accomplishments, work and timeline

Accomplishments

  • Finalized a Canvas course for Firewall Administrators.
  • Presented to and gathered feedback from NFWAG regarding self-attestation and training.
  • Planned development work with IAM to enable training certification enforcement.
  • Completed pilot training group within DoIT.

Upcoming Work

  • Finalize Canvas course participant tracking tool.
  • Communicate with trainees.
  • Link to self-enroll in compliance training.

Work in Progress

  • Communicating to Canvas course trainees.
  • Drafting a project update for ITCCC and Firewall Admins.

Timeline

  • 3rd week of June: Training course live on Canvas (90-day duration).
  • September: Training window ends.
  • October 2024: Self-attestation window opens.