In message <00df01c98b27$3181b7e0$948527...@com>, "TJ" writes:
> >> > The SOX auditor ought to know better. Any auditor that
> >> > requires NAT is incompenent.
> >>
> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> >> RFC1918 addressing ...
> >
> >SOX auditors are incompetent. I've been asked about anti-virus software on
> >UNIX servers and then asked to prove that they run UNIX.........
>
> Fair enough, but my point was that it isn't the auditors' faults in _all_
> cases.
> When the compliance explicitly requires something they are required to check
> for it, they don't have the option of ignoring or waving requirements ...
> and off the top of my head I don't recall if it is SOX that calls for
> RFC1918 explicitly but I know there are some that do.
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
