Firewall Requirements for SOC 2

In this article, you will discover:

  • What’s SOC 2 and Firewall
  • Types of Firewalls
  • Firewall requirements in SOC 2

What’s SOC 2?

SOC 2 (stands for Systems and Organization Controls 2) is a compliance standard developed by the American Institute of CPAs (AICPA) in 2010, providing guidelines for service organizations to protect customer data from unauthorized access, security incidents or vulnerabilities.

It defines requirements to manage and store customer data based on five Trust Services Criteria (TSC):

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

SOC 2 is an attestation-based standard where an organization can assert the existence of certain controls, which need to be subsequently verified by a third-party auditor. It’s worth emphasizing that SOC 2 is not a compulsory security framework because it doesn’t prescribe specific best practices. Hence, technically, there is no official “SOC 2 Certification” – only an attestation report. 

More information about SOC 2 can be found in this article.

What’s a Firewall?

A firewall serves as a network security tool, overseeing both incoming and outgoing network traffic and determining whether to permit or block specific traffic based on predefined security rules. 

With a history spanning more than 25 years, firewalls serve as the primary defense mechanism in network security, creating a boundary between secure internal networks and potentially untrustworthy external networks like the Internet. 

Firewalls can take various forms, including hardware, software, software-as-a-service (SaaS), and deployment in public or private clouds.

Benefits of a Firewall

  • Monitors Network Traffic

Firewalls analyze network traffic to enforce rules and filters, enabling proactive management of system protection.

  • Stops Virus Attacks: 

By controlling system entry points, firewalls prevent harmful viruses from infiltrating and causing potential damage.

  • Prevents Hacking: 

Firewalls act as a barrier against unauthorized access attempts, deterring hackers from compromising sensitive data and systems.

  • Stops Spyware:

By blocking spyware and malware, firewalls safeguard systems from unauthorized infiltration and data theft.

  • Promotes Privacy: 

Firewalls ensure data security, fostering trust and privacy for clients and enhancing organizational reputation and competitiveness.

Different types of Firewall


Packet filtering firewall

  • Inspects data packets with source and destination IP
  • Drops packets failing inspections


  • Easy to bypass
  • Vulnerable to IP spoofing
  • Lacks user authentication and logging
  • Inflexible, designed to monitor specific details

Stateful inspection firewall

  • “Traditional” firewall
  • Combines packet filtering and TCP handshakes
  • Tracks and filters based on the connection status
  • Better protection than packet-filtering
  • Better logging and tracking features
  • No application-filtering or content-filtering
  • High resource consumption (memory & CPU)
  • Complex configuration

Proxy firewall (application-level gateway)

Verifies packets, TCP handshake, and application layer inspections

  • Extra separation between the source and the network
  • Powerful if configured correctly
  • Easy setup process
  • Delivery via cloud solutions
  • Needs new proxy for each application
  • Complex configuration
  • Slow performance

Unified threat management (UTM) firewall

  • Combines stateful inspection with intrusion prevention and antivirus

  • Includes cloud management for added services
  • Simple: consolidates IT services into 1 device
  • Centralized management
  • Flexible
  • Single point of failure
  • Slow performance if handles a lot of applications

Next-generation firewall (NGFW)

  • Deep-packet inspection
  • Included Intrusion prevention systems (IPS)
  • Application Identification and filtering
  • Highly Secure
  • Monitors network protocols from the data link layer
  • More efficient than the combination of other firewalls
  • Single point of failure 
  • Require high investment & resources
  • Complex configuration
  • Slower performance compared to traditional firewalls

Threat-focused NGFW

All the capabilities of a traditional NGFW + advanced threat detection and remediation

Robust threat defense

Same limitations as NGFWs

Virtual firewall

Virtual appliance in a private cloud (VMware ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google Cloud, …)

  • More cost-effective than physical firewalls
  • Scalable
  • Flexible: customize policies based on specific needs
  • Centralized management
  • High resource consumption
  • Security risks if not properly configured
  • Complex configuration
  • Price fluctuates based on consumption

Cloud Native Firewall

  • Multi-tenant capability

  • Smart load balancing
  • Agile and elastic: customize policies based on specific needs
  • Centralized management
  • Scalable
  • Single point of failure
  • Complex configuration
  • Slow down network performance

Firewall Requirements for SOC 2

Among the Five Trust Services Criteria (TSC) outlined in SOC 2, Firewalls are crucial for meeting the Security TSC requirements.

The Security principle focuses on safeguarding system resources from unauthorized access, which includes measures to prevent system abuse, data theft, software misuse, and unauthorized data alteration or disclosure. Utilizing IT security tools like network and web application firewalls, intrusion detection systems, and two-factor authentication helps avert security breaches that could result in unauthorized access to systems and data.

Moreover, the Security principle includes nine “points of focus,” with CC5.1 and CC6.6 being particularly pertinent to Firewall requirements.

CC5.1 The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 

Evaluates a Mix of Control Activity Types This involves assessing a diverse set of control activities, balancing automated and manual, preventive and detective controls to reduce risk. 

  • Firewalls are among such preventive controls.

CC6.6 The entity implements logical access security measures to protect against threats from sources outside its system boundaries.

Implements Boundary Protection Systems — Boundary protection systems like firewalls, intrusion detection or prevention systems and so on should be configured, implemented, and maintained to protect external access points.

Sign up for Agency today to explore the capabilities of Firewalls for your business. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts