Mechanisms exist to design, implement and review firewall and router configurations to restrict connections between untrusted networks and internal systems.
Does the organization design, implement and review firewall and router configurations to restrict connections between untrusted networks and internal systems?