Lesson 4.4 — Firewall rule reviews: keeping rules current and removing what is no longer needed

This lesson helps the learner turn firewall rule documentation into an ongoing review process.

What You'll Be Able to Do

By the end of this lesson, you will be able to:

  • plan and perform a practical firewall rule review
  • confirm whether existing rules remain justified
  • identify rules that should be removed or restricted
  • record review evidence
  • assign ownership for future reviews.

Why This Matters

This lesson explains how to review firewall rules, who should be involved, what evidence to keep, how often reviews should happen in practice, and how to remove or disable rules that are no longer needed.

The most common problems are:

  • treating firewall rule review as a tick-box exercise;
  • reviewing only one firewall when several exist;
  • forgetting cloud security groups;
  • forgetting branch routers;

The Core Rule

Firewall rule documentation records what exists.

Firewall rule review decides whether those rules should still exist.

What the CE Assessor Looks For

A strong position shows:

  • the review includes all in-scope firewalls and cloud rule sets;
  • each inbound rule has a business need;
  • each rule has an owner;
  • each rule has approval;
  • high-risk services are challenged;
  • temporary rules have expiry dates;
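
The checks above can be run over an exported rule register before the review meeting. The script below is an added example, not part of the original lesson or workbook: the CSV column names, the sample rows and the list of high-risk ports are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample register; column names are assumed, not taken from the workbook.
REGISTER = """\
id,device,direction,port,business_need,owner,approved_by,temporary,expires
FW1-001,office-firewall,inbound,443,Customer portal,IT Manager,Director,no,
FW1-002,office-firewall,inbound,3389,,,,no,
AWS-001,cloud-security-group,inbound,22,Supplier support,Ops Lead,Director,yes,2024-01-31
BR-001,branch-router,inbound,8443,VPN portal,IT Manager,,yes,
"""

# Assumed list of services to challenge; the lesson does not enumerate them.
HIGH_RISK_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}


def review_rule(rule, today):
    """Return review findings for one register row (empty list = nothing to raise)."""
    findings = []
    inbound = rule["direction"].strip().lower() == "inbound"
    if inbound and not rule["business_need"].strip():
        findings.append("inbound rule has no business need")
    if not rule["owner"].strip():
        findings.append("no owner")
    if not rule["approved_by"].strip():
        findings.append("no approval")
    port = int(rule["port"])
    if inbound and port in HIGH_RISK_PORTS:
        findings.append(f"high-risk service ({HIGH_RISK_PORTS[port]}): challenge")
    if rule["temporary"].strip().lower() == "yes":
        expires = rule["expires"].strip()
        if not expires:
            findings.append("temporary rule has no expiry date")
        elif date.fromisoformat(expires) < today:
            findings.append("temporary rule expired")
    return findings


def review_register(text, today):
    """Map rule id -> findings for every rule that needs attention."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["id"]: f for r in rows if (f := review_rule(r, today))}


if __name__ == "__main__":
    for rule_id, findings in review_register(REGISTER, date(2024, 6, 1)).items():
        print(rule_id, "->", "; ".join(findings))
```

Rules with no findings still need a human to confirm the stated business need is current; the script only catches missing or expired entries.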

Common Mistakes

  • treating firewall rule review as a tick-box exercise;
  • reviewing only one firewall when several exist;
  • forgetting cloud security groups;
  • forgetting branch routers;
  • forgetting supplier access;
  • leaving temporary rules active indefinitely;

Copy This

Work through the workbook activity for this lesson. Each question maps directly to the CE questionnaire.

Quick Checklist

Before moving on, make sure you can answer these:

  • [ ] What is the difference between firewall rule documentation and firewall rule review?
  • [ ] Why do firewall rules need reviewing?
  • [ ] Who should be involved in a firewall rule review?
  • [ ] Name three useful triggers for a firewall rule review.
  • [ ] Should cloud security groups be included in firewall rule reviews?

Your Action

Do this now — it takes 10–20 minutes.

Check when your firewall rules were last formally reviewed. If it has been over a year, schedule a review and record the date in Section F.

Key Takeaway

If nobody can explain a rule, investigate it before submission.

Your Workbook Activity

Complete: Firewall rule review record

Next Lesson

In the next lesson: Software firewalls on laptops, desktops and remote-worker devices