9.4: Apply Host-Based Firewalls or Port-Filtering

CSF v1.1 References:

PR.IP-1

PF v1.0 References:

PR.PO-P1

Threats Addressed:

Lateral Movement

Group:

The next version of the control set incorporates all or part of this control into: 4.4: Implement and Manage a Firewall on Servers, 4.5: Implement and Manage a Firewall on End-User Devices.

Control Statement

Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-171 Revision 2

NIST Special Publication 800-53 Revision 4