
Information Security Policy Development for Compliance
Patch Management (continued)
Describe the procedure used for testing
security patches before deployment
into production.
ISO/IEC 27001 A.10.1.2 L325
NIST SP 800-53 CM-1 L326
HIPAA Standard
PCI DSS V2.0 6.4 L327
AUP V5.0 I.4 L328
System Information Integrity and Monitoring
Firewall and Router Security Administration
Document the firewall and router
configuration standards, incorporating
the items below.
ISO/IEC 27001 A.10.1.2 L329
NIST SP 800-53 CM-1 L330
HIPAA Standard
PCI DSS V2.0 1.1 L331
AUP V5.0
Describe the process for testing and
approval of all network connections
and changes to firewall and router ...