3.13.6

Requirement

Deny network communications traffic by default, and allow network communications traffic by exception.

Discussion

This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, allow-by-exception network communications traffic policy ensures that only essential and approved connections are allowed.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: system and communications protection policy and procedures; procedures for boundary protection; system design documentation; system configuration settings; system audit records; system security plan; other relevant documents or records]
Interview

[SELECT FROM: mechanisms for implementing traffic management at managed interfaces]
Test

[SELECT FROM: personnel with boundary protection responsibilities; personnel with information security responsibilities; system developers; system administrators]

ID	Assessment Objectives
A.03.13.06[01]	network communications traffic is denied by default.
A.03.13.06[02]	network communications traffic is allowed by exception.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!