Personal tools

Can pfSense meet regulatory requirements

From PFSenseDocs

Jump to: navigation, search

Prospective pfSense users commonly inquire about the ability to meet security requirements applicable to their specific environments. Some of those include PCI, SOX, GLBA, HIPAA, amongst numerous other similar regulations for publicly traded companies, financial institutions, healthcare institutions, and others.

There are numerous companies in many regulated industries using pfSense that pass their audits with no problems, including all of the aforementioned regulations/standards amongst others. However it's important to keep in mind that your firewall is a small portion of your security infrastructure, and those regulations are more about policies, procedures, and configuration than the actual products being used.

So yes, pfSense can meet your regulatory requirements, but that is dependent on configuration, policies, procedures, amongst other things - there is no compliance silver bullet. There may be circumstances specific to your company that make another product a better fit for compliance (or other) reasons, but that's true of all commercial and open source solutions, there is no one product that is a perfect fit for everyone.