Check: SRG-APP-000256-MAPP-NA
Mobile Application SRG:
SRG-APP-000256-MAPP-NA
(in version v1 r1)
Title
Any software application designed to function as a firewall must be capable of employing a default deny all configuration. (Cat II impact)
Discussion
A firewall default deny is a firewall configuration setting that forces the administrator to explicitly allow network or application traffic rather than allowing all traffic by default. The purpose is to prevent unmanaged access into the internal network or, in the case of an application firewall, to application content, features, or functionality.
Rationale for non-applicability: Mobile applications do not provide network services to other devices. Most mobile devices function outside the organization's security boundary and therefore are not positioned to provide boundary protection services in any case.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46964r1_rule
Vulnerability ID: V-35677
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001109 | Deny network communications traffic by default and allow network communications traffic by exception at managed interfaces; and/or for organization-defined systems. |
Controls
Number | Title |
---|---|
SC-7(5) | Deny by Default / Allow by Exception |