HECVAT Category

Firewalls, IDS, IPS, and Networking

This category covers the controls and questions for firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and networking. It outlines the expectations institutions typically require of vendors, helps assess risk posture and operational maturity, and provides structure for consistent evaluation during security reviews.

Assessment Questions

FIDP-01

Are you utilizing a stateful packet inspection (SPI) firewall?

This question is asking whether your organization uses a stateful packet inspection (SPI) firewall as part of your network security infrastructure.

FIDP-02

Do you have a documented policy for firewall change requests?

This question is asking whether your organization has a formal, documented policy that governs how changes to firewalls are requested, approved, implemented, and documented.

FIDP-03

Have you implemented an intrusion detection system (network-based)?

This question is asking whether your organization has implemented a Network-based Intrusion Detection System (NIDS).

FIDP-04

Do you employ host-based intrusion detection?

This question is asking whether your organization uses host-based intrusion detection systems (HIDS) on your servers, workstations, or other computing devices.

FIDP-05

Are audit logs available for all changes to the network, firewall, IDS, and IPS systems?

This question is asking whether your organization maintains detailed logs of any changes made to your network infrastructure and security systems (specifically firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS)).

FIDP-06

Is authority for firewall change approval documented? Please list approver names or titles in Additional Info.

This question is asking whether your organization has a formal, documented process for approving changes to firewall configurations, and specifically who has the authority to approve such changes.

FIDP-07

Have you implemented an intrusion prevention system (network-based)?

This question is asking whether your organization has implemented a network-based intrusion prevention system (IPS).

FIDP-08

Do you employ host-based intrusion prevention?

This question is asking whether your organization uses Host-based Intrusion Prevention Systems (HIPS) on your servers, workstations, or other computing devices.

FIDP-09

Are you employing any next-generation persistent threat (NGPT) monitoring?

This question is asking whether your organization uses advanced security monitoring tools specifically designed to detect and respond to sophisticated, persistent cyber threats that traditional security measures might miss.

FIDP-10

Is intrusion monitoring performed internally or by a third-party service?

This question is asking about your organization's approach to intrusion monitoring: specifically, whether you handle this security function internally with your own staff and tools, outsource it to a third-party security provider, or use some combination of both.

FIDP-11

Do you monitor for intrusions on a 24 x 7 x 365 basis?

This question is asking whether your organization has continuous, round-the-clock monitoring for potential security intrusions into your network or systems. '24 x 7 x 365' means 24 hours a day, 7 days a week, 365 days a year: essentially, without any gaps in coverage.
