On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
In message <00df01c98b27$3181b7e0$948527a0$@com>, "TJ" writes:
[...SOX auditor stuff...]
When the compliance explicitly requires something they are required to check for it, they don't have the option of ignoring or waiving requirements ... and off the top of my head I don't recall if it is SOX that calls for RFC1918 explicitly but I know there are some that do.
Please cite references.
I can find plenty of firewall required references but I'm yet to find a NAT and/or RFC 1918 required.
It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:

    Implement IP address masquerading to prevent internal addresses from being translated and revealed on the Internet. Use technologies that implement RFC 1918 address space, such as port address translation (PAT) or network address translation (NAT).

I know that some auditors want to hold people to that standard. I stopped working with the credit card people at that point...