CIO-IT Security-06-31, Revision 10 Firewall and Proxy Change Request Process
U.S. General Services Administration 7
2.2.1 Completing the Change Request
When the Change Request Form is complete, at the bottom of the request form click on Order
Now to submit the ticket or Add to Cart to save the request for later submission.
Once the Service Desk ticket has been created and submitted, send an email to
SecEng@gsa.gov, including the ticket number. Requests will normally be reviewed within five
business days.
2.3 Processing the Change Request
For external firewall requests, steps 1 to 8 apply.
Internal firewall requests typically only include steps 1, 2, 7, and 8 (e.g., Creation of
the request -> Approval by ISSO or ISSM -> Firewall Team makes the change -> Ticket
update).
Changes to the firewall access rules are processed as follows:
1. Individuals requiring a change to a firewall rule-base must submit a request via the GSA
IT Self-Service Catalog as described in Section 2. The associated system ISSOs or
ISSMs must approve the change request.
2. After the ISSM or ISSO approves the request, it is routed to the appropriate team’s
queue, which depends on whether the request is Perimeter or Internal.
3. If the request is Perimeter/External:
a. Tickets are generated with the CISO.OSScanTeam and CISO.WebScanTeam for
vulnerability scanning.
b. OS Vulnerability and Web Scans (as needed) are then conducted against the GSA
hosts or devices as necessary with authenticated scanning. (Note: It is the
requestor’s responsibility to provide credentials if required during the scans.)
4. Any required system scanning will be available within the applicable vulnerability and
compliance scanning tool used by SecOps. Upon completion of scans, SecOps will
forward the results of the scanning activities to the ISSO for remediation and copy the
ISSM if remediation is required. The system should be free of High and Critical risk
vulnerabilities prior to SecOps approval. See Section 4.2 for details.
5. Upon correction of the identified operating system (OS) and application vulnerabilities,
SecOps will verify the corrective action, either manually or by rescanning.
6. Upon successful mitigation of identified vulnerabilities and ISSM approval, SecOps will
close the scan tickets as complete and the Firewall Request will be generated within the
CISO.Firewall queue with approval to process the request or deny the request.
7. Upon receipt of the approved Firewall Change Request from SecOps, the Firewall Team
will make the requested change at the appropriate time and mark the IT Service Desk
Ticket as Resolved.
8. SecOps will update the ticket to document the Service Catalog request details, approval,
and the implemented firewall change.