The HIPAA security standards are designed to be comprehensive, technology neutral and:
Statement 1: A firewall is one or more systems, that may be a combination of hardware and software that serves as a security mechanism to prevent unauthorized access between trusted and un-trusted networks.
Statement 2: A firewall refers to a gateway that restricts the flow of information between the external Internet and the internal network.
Statement 3: Firewall systems can protect against attacks that do not pass through its' network interlaces.
The objective of this implementation specification is to implement security measures sufficient to reduce vulnerabilities to a reasonable and appropriate level:
This is a documented and routinely updated plan to create and maintain, for a specific period of time, retrievable copies of information: