I have always found it impossible to get a definitive answer on what has to be done (or not done) for any particular environment (e.g. DoD, HIPAA, Section 508, etc.). Trying to read and then comply 100% with the actual regulations is always open to interpretation. A large part of regulatory compliance is documenting a security policy, disaster recovery, etc.

I would suggest you look into getting a copy of "All In One CISSP Exam Preparation Guide" by Shon Harris (sorry, I don't have the ISBN). Most of the regulations you are concerned about will follow the principles of the common base of knowledge (CBK) described in this book. It will also give you a good foundation on general security principles that should be applied in any environment.

Go to http://www.nsa.gov/snac/cisco/download.htm for information on securing a router. I don't have a URL, but search for EAL4 on Cisco's site. You should be able to find a document on how to install and configure a PIX for Common Criteria EAL4 compliance.

Jay Dunn
IPI*GrammTech, Ltd.
www.ipi-gt.com
Nunquam Facilis Est

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stull, Cory
Sent: Wednesday, March 26, 2003 11:42 AM
To: [EMAIL PROTECTED]
Subject: regulations [7:66267]

Where could I go to find information on network security regulations for banks and medical offices? Information on firewalls and rules they have to abide by and that sort of thing?

Thanks

God Bless our troops.

Cory Stull
CCNP,CCDP,MCSE4/2k
Communications Concepts Unlimited
262-814-7214

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66316&t=66267