Firewall Requirements for SOC 2

In this article, you will discover:

• What’s SOC 2 and Firewall
• Types of Firewalls
• Firewall requirements in SOC 2

What’s SOC 2?

SOC 2 (stands for Systems and Organization Controls 2) is a compliance standard developed by the American Institute of CPAs (AICPA) in 2010, providing guidelines for service organizations to protect customer data from unauthorized access, security incidents or vulnerabilities.

It defines requirements to manage and store customer data based on five Trust Services Criteria (TSC):

• Security
• Availability
• Processing integrity
• Confidentiality
• Privacy

SOC 2 is an attestation-based standard where an organization can assert the existence of certain controls, which need to be subsequently verified by a third-party auditor. It’s worth emphasizing that SOC 2 is not a compulsory security framework because it doesn’t prescribe specific best practices. Hence, technically, there is no official “SOC 2 Certification” – only an attestation report. 

More information about SOC 2 can be found in this article.

What’s a Firewall?

A firewall serves as a network security tool, overseeing both incoming and outgoing network traffic and determining whether to permit or block specific traffic based on predefined security rules. 

With a history spanning more than 25 years, firewalls serve as the primary defense mechanism in network security, creating a boundary between secure internal networks and potentially untrustworthy external networks like the Internet. 

Firewalls can take various forms, including hardware, software, software-as-a-service (SaaS), and deployment in public or private clouds.

Benefits of a Firewall

• Monitors Network Traffic

Firewalls analyze network traffic to enforce rules and filters, enabling proactive management of system protection.

• Stops Virus Attacks: 

By controlling system entry points, firewalls prevent harmful viruses from infiltrating and causing potential damage.

• Prevents Hacking: 

Firewalls act as a barrier against unauthorized access attempts, deterring hackers from compromising sensitive data and systems.

• Stops Spyware:

By blocking spyware and malware, firewalls safeguard systems from unauthorized infiltration and data theft.

• Promotes Privacy: 

Firewalls ensure data security, fostering trust and privacy for clients and enhancing organizational reputation and competitiveness.

Different types of Firewall

Type	Functionality	Advantages	Disadvantages
Packet filtering firewall	Inspects data packets with source and destination IP Drops packets failing inspections	Simple	Easy to bypass Vulnerable to IP spoofing Lacks user authentication and logging Inflexible, designed to monitor specific details
Stateful inspection firewall	“Traditional” firewall Combines packet filtering and TCP handshakes Tracks and filters based on the connection status	Better protection than packet-filtering Better logging and tracking features	No application-filtering or content-filtering High resource consumption (memory & CPU) Complex configuration
Proxy firewall (application-level gateway)	Verifies packets, TCP handshake, and application layer inspections	Extra separation between the source and the network Powerful if configured correctly Easy setup process Delivery via cloud solutions	Needs new proxy for each application Complex configuration Slow performance
Unified threat management (UTM) firewall	Combines stateful inspection with intrusion prevention and antivirus Includes cloud management for added services	Simple: consolidates IT services into 1 device Centralized management Flexible	Single point of failure Slow performance if handles a lot of applications
Next-generation firewall (NGFW)	Deep-packet inspection Included Intrusion prevention systems (IPS) Application Identification and filtering	Highly Secure Monitors network protocols from the data link layer More efficient than the combination of other firewalls	Single point of failure  Require high investment & resources Complex configuration Slower performance compared to traditional firewalls
Threat-focused NGFW	All the capabilities of a traditional NGFW + advanced threat detection and remediation	Robust threat defense	Same limitations as NGFWs
Virtual firewall	Virtual appliance in a private cloud (VMware ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google Cloud, …)	More cost-effective than physical firewalls Scalable Flexible: customize policies based on specific needs Centralized management	High resource consumption Security risks if not properly configured Complex configuration Price fluctuates based on consumption
Cloud Native Firewall	Multi-tenant capability Smart load balancing	Agile and elastic: customize policies based on specific needs Centralized management Scalable	Single point of failure Complex configuration Slow down network performance

Firewall Requirements for SOC 2

Among the Five Trust Services Criteria (TSC) outlined in SOC 2, Firewalls are crucial for meeting the Security TSC requirements.

The Security principle focuses on safeguarding system resources from unauthorized access, which includes measures to prevent system abuse, data theft, software misuse, and unauthorized data alteration or disclosure. Utilizing IT security tools like network and web application firewalls, intrusion detection systems, and two-factor authentication helps avert security breaches that could result in unauthorized access to systems and data.

Moreover, the Security principle includes nine “points of focus,” with CC5.1 and CC6.6 being particularly pertinent to Firewall requirements.

CC5.1 The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 

Evaluates a Mix of Control Activity Types — This involves assessing a diverse set of control activities, balancing automated and manual, preventive and detective controls to reduce risk. 

• Firewalls are among such preventive controls.

CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries.

Implements Boundary Protection Systems — Boundary protection systems like firewalls, intrusion detection or prevention systems and so on should be configured, implemented, and maintained to protect external access points.

Sign up for Agency today to explore the capabilities of Firewalls for your business.