During design-time, before a build-out, I currently create an Excel file version of a firewall rulebase (policy) representing source/target/port/protocol/etc. definitions before they are pushed to the vendor-specific firewall devices.
Question: Is there an approach to do FISMA/NIST/CIS analysis of that rulebase prior to deploying? I see that a lot of analysis tools are for active integration directly into the firewall devices, and/or for doing log analysis after they have been running a while. In trying to be proactive, is there an approach during design-time to catch any obvious gotchas?
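One design-time approach is to export the spreadsheet rulebase to CSV and run a small linter over it before anything reaches a device. The script below is an added example written for this answer, not code from the original post or from any vendor tool; it assumes a constructed CSV layout (name, source, destination, port, protocol, action), IPv4-only address cells where "any" means 0.0.0.0/0, and an assumed list of cleartext services that a baseline would normally forbid. It flags four common gotchas: an allow rule that matches everything, allowed cleartext management protocols, rules shadowed by an earlier rule (so they can never match), and a rulebase that does not end in an explicit deny-all.

```python
import csv
import io
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "code rule message")

# Constructed sample rulebase for this example (not from the original post).
SAMPLE_RULEBASE = """\
name,source,destination,port,protocol,action
allow-web,0.0.0.0/0,10.0.1.0/24,443,tcp,allow
allow-mgmt-telnet,10.0.9.0/24,10.0.1.10/32,23,tcp,allow
allow-any-any,any,any,any,any,allow
shadowed-web,198.51.100.0/24,10.0.1.5/32,443,tcp,allow
"""

# Assumed baseline of cleartext protocols to flag; extend to match your own standard.
CLEARTEXT_SERVICES = {("23", "tcp"): "telnet", ("21", "tcp"): "ftp", ("513", "tcp"): "rlogin"}


def _net(value):
    """Normalise an address cell to an ip_network; 'any' becomes 0.0.0.0/0 (IPv4 assumed)."""
    value = value.strip().lower()
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value, strict=False)


def parse_rulebase(csv_text):
    """Parse the CSV export into a list of rule dicts, preserving spreadsheet order."""
    rules = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rules.append({
            "name": row["name"].strip(),
            "src": _net(row["source"]),
            "dst": _net(row["destination"]),
            "port": row["port"].strip().lower(),
            "proto": row["protocol"].strip().lower(),
            "action": row["action"].strip().lower(),
        })
    return rules


def _is_any(rule):
    return (rule["src"].prefixlen == 0 and rule["dst"].prefixlen == 0
            and rule["port"] == "any" and rule["proto"] == "any")


def _service_covers(a, b):
    return ((a["port"] == "any" or a["port"] == b["port"])
            and (a["proto"] == "any" or a["proto"] == b["proto"]))


def _rule_covers(a, b):
    """True if every packet that matches rule b would already have matched rule a."""
    return (a["src"].supernet_of(b["src"]) and a["dst"].supernet_of(b["dst"])
            and _service_covers(a, b))


def lint(rules):
    """Return design-time findings for the rulebase, in rule order."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and _is_any(r):
            findings.append(Finding("any-any-allow", r["name"],
                                    "permits all sources to all destinations on all services"))
        svc = CLEARTEXT_SERVICES.get((r["port"], r["proto"]))
        if r["action"] == "allow" and svc:
            findings.append(Finding("cleartext-service", r["name"], f"allows {svc}, a cleartext protocol"))
        # Shadowing: report the first earlier rule that fully covers this one.
        for earlier in rules[:i]:
            if _rule_covers(earlier, r):
                findings.append(Finding("shadowed", r["name"],
                                        f"never matched; fully covered by earlier rule '{earlier['name']}'"))
                break
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and _is_any(last)):
        findings.append(Finding("no-final-deny", "*", "rulebase does not end with an explicit deny-all rule"))
    return findings


if __name__ == "__main__":
    for f in lint(parse_rulebase(SAMPLE_RULEBASE)):
        print(f"[{f.code}] {f.rule}: {f.message}")
```

The shadowing check is the one worth keeping even after the obvious any-any rules are gone: a rule that can never match is usually a sign that the spreadsheet and the intended design have drifted apart, and it is much cheaper to catch that in the CSV than in a change window. Mapping each finding code to the CIS or NIST control it supports is a straightforward extension once the check list matches your baseline.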