Use: complete at least annually (and after major network changes). Owner: CISO + Engineering. File in the SharePoint evidence library. Frameworks: SOC 2 NET-3 (network firewalls reviewed); supports CC6.x. Vanta slot: annual-firewall-review.
Fill from the actual ruleset export. Neuroscale’s network controls live primarily in Cloudflare (Gateway/firewall/zone rules) and cloud security groups — pull the current rules and review each. Replace every variable.
- Review date: {{review_date}} · Reviewer: {{reviewer_name}} · Scope: {{scope}}
- Ruleset source / export date: {{ruleset_source_export_date}}
Ruleset review
| Rule / group | Purpose | Still required? | Compliant w/ policy? | Action (keep / modify / remove) |
|---|
| {{rule}} | {{rule_purpose}} | {{rule_still_required}} | {{rule_compliant}} | {{rule_action}} |
Findings
- Overly-permissive / stale rules: {{stale_rules}}
- Default-deny posture confirmed: {{default_deny_confirmed}}
- Recommended changes: {{recommended_changes}}
Corrective actions
| Action | Owner | Due | Tracked in |
|---|
| {{action}} | {{action_owner}} | {{action_due}} | Corrective Action |
Sign-off
- Reviewer (CISO): {{reviewer_name}} · {{reviewer_date}}
Variables
| Variable | Description |
|---|
{{review_date}} | Date of the review |
{{reviewer_name}} | Name of the reviewer |
{{scope}} | Review scope (e.g., Cloudflare zones / AWS security groups / Vultr firewall) |
{{ruleset_source_export_date}} | Ruleset source / export date |
{{rule}} | Rule / group identifier |
{{rule_purpose}} | Purpose of the rule / group |
{{rule_still_required}} | Whether the rule is still required (Y/N) |
{{rule_compliant}} | Whether the rule is compliant with policy (Y/N) |
{{rule_action}} | Action (keep / modify / remove) |
{{stale_rules}} | Overly-permissive / stale rules |
{{default_deny_confirmed}} | Whether default-deny posture is confirmed (Y/N) |
{{recommended_changes}} | Recommended changes |
{{action}} | Corrective action |
{{action_owner}} | Action owner |
{{action_due}} | Action due date |
{{reviewer_date}} | Date the reviewer (CISO) signed off |
Cross-references