3.13.6: Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception)

Control Type:

Derived

CSF v1.1 References:

Discussion

This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed.