SC-7(5)
SC-7(5): Deny by Default / Allow by Exception
The information system at managed interfaces denies network communications traffic by default and allows network communications traffic by exception (i.e., deny all, permit by exception).
Supplemental
This control enhancement applies to both inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed.
CIA Levels | |
---|---|
Confidentiality | high |
Integrity | high |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |