Use: complete at least annually (and after major network changes). Owner: CISO + Engineering. File in the SharePoint evidence library. Frameworks: SOC 2 NET-3 (network firewalls reviewed); supports CC6.x. Vanta slot: annual-firewall-review.
Fill from the actual ruleset export. Neuroscale’s network controls live primarily in Cloudflare (Gateway/firewall/zone rules) and cloud security groups — pull the current rules and review each. Replace every variable.

Review metadata

  • Review date: {{review_date}} · Reviewer: {{reviewer_name}} · Scope: {{scope}}
  • Ruleset source / export date: {{ruleset_source_export_date}}

Ruleset review

Rule / groupPurposeStill required?Compliant w/ policy?Action (keep / modify / remove)
{{rule}}{{rule_purpose}}{{rule_still_required}}{{rule_compliant}}{{rule_action}}

Findings

  • Overly-permissive / stale rules: {{stale_rules}}
  • Default-deny posture confirmed: {{default_deny_confirmed}}
  • Recommended changes: {{recommended_changes}}

Corrective actions

ActionOwnerDueTracked in
{{action}}{{action_owner}}{{action_due}}Corrective Action

Sign-off

  • Reviewer (CISO): {{reviewer_name}} · {{reviewer_date}}

Variables

VariableDescription
{{review_date}}Date of the review
{{reviewer_name}}Name of the reviewer
{{scope}}Review scope (e.g., Cloudflare zones / AWS security groups / Vultr firewall)
{{ruleset_source_export_date}}Ruleset source / export date
{{rule}}Rule / group identifier
{{rule_purpose}}Purpose of the rule / group
{{rule_still_required}}Whether the rule is still required (Y/N)
{{rule_compliant}}Whether the rule is compliant with policy (Y/N)
{{rule_action}}Action (keep / modify / remove)
{{stale_rules}}Overly-permissive / stale rules
{{default_deny_confirmed}}Whether default-deny posture is confirmed (Y/N)
{{recommended_changes}}Recommended changes
{{action}}Corrective action
{{action_owner}}Action owner
{{action_due}}Action due date
{{reviewer_date}}Date the reviewer (CISO) signed off

Cross-references