Which statement best describes firewall management policy documentation?

Policies for firewall management should be written, put into practice, and clearly communicated to everyone who is affected by them. When a policy is documented, it creates a standard everyone can follow; when it’s in use, it drives actual configuration and change control; and when it’s known by all affected parties, those responsible for implementing and auditing the controls understand their roles and obligations. This combination ensures there’s a consistent baseline for how firewalls are configured, updated, and monitored, and it provides verifiable evidence for audits and security reviews. Keeping policies secret, or having them exist only in theory or only at the top levels, breaks the chain of accountability and makes it unlikely that configurations will be applied consistently or that anyone can demonstrate compliance.