There was a substantial increase in compliance with Requirement 1 Control 1.1, which has to do with the documentation of firewall standards. About 75 percent of organizations were compliant in 2014, compared to 51 percent in 2013. The ones who weren’t compliant were likely just listing all change tickets instead of documenting how the firewall feature was being used. The requirement’s goal is to map and analyze the specific configurations of these devices and ensuring the firewall is working properly, Jody Brazil, CEO of FireMon, told SecurityWeek. Brazil noted the failure to do so means there is no real world improvement to security.