Gateways only allow explicitly authorised data flows.
Topic
Implementing gateways
Applicable to
all
History
Priority
must
Mar 2022
Gateways only allow explicitly authorised data flows.
Existing recommendations for gateway architectures and their configuration (ISM-0631) were split into discrete recommendations with duplicate content being removed.
Jun 2019
Gateways:
§ are the only communications paths into and out of internal networks
§ allow only explicitly authorised connections
§ are managed via a secure path isolated from all connected networks (physically at the gateway or on a dedicated administration network)
§ are protected by authentication, logging and auditing of all physical and logical access to gateway components
§ have all security controls tested to verify their effectiveness after any changes to their configuration.
Security control 0631 was modified. Logging and alerting capabilities of gateways were moved into security control 0634.
May 2019
Gateways:
§ are the only communications paths into and out of internal networks
§ by default, deny all connections into and out of the network
§ allow only explicitly authorised connections
§ apply the guidance in the Guidelines for data transfers and content filtering
§ are managed via a secure path isolated from all connected networks (physically at the gateway or on a dedicated administration network)
§ provide sufficient logging and audit capabilities to detect cyber security incidents, attempted intrusions and overuse/unusual usage patterns
§ provide real-time alerts.
2015
Agencies must ensure that gateways:• are the only communications paths into and out of internal networks• by default, deny all connections into and out of the network• allow only explicitly authorised connections• are configured to apply controls as specified in the Data Transfers and Content Filteringchapter of this manual• are managed via a secure path isolated from all connected networks (physically at thegateway or on a dedicated administration network)• provide sufficient logging and audit capabilities to detect cyber security incidents,attempted intrusions and overuse/unusual usage patterns• provide real–time alerts.
2010
Agencies must ensure that gateways:••••are the only communications paths into and out of internal networksby default, deny all connections into and out of the networkallow only explicitly authorised connectionsare managed via a secure path isolated from all connected networks (physically at the gateway or on adedicated administration network)• provide sufficient logging and audit capabilities to detect cyber security incidents and attempted intrusions• provide real-time alerts.
2008
Agencies must ensure that gateways: a. are the only communications paths into and out of internal networks b. by default, deny all connections into and out of the network c. allow only explicitly authorised connections d. are managed via a secure path isolated from all connected networks e. provide sufficient audit capability to detect gateway security breaches and attempted network intrusions f. provide real-time alarms.