Deny network communications traffic by default and allow network communications traffic by exception [one or more of "at managed interfaces"/"for {{ insert: param, sc-07.05_odp.02 }} "].
Supplemental
Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.