NIST 800-171 v2
110 security requirements available
3.13.6Derived Requirement
System and Communications Protection
Security Requirement
Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Discussion
This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed.
- Framework
- NIST SP 800-171 Rev 2
- Family
- System and Communications Protection
- Requirement Type
- derived
Related Frameworks
3 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SC-7(5)
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI2 mappings
CCI-001109
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004872
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
79 STIGs reach this control through 70 CCIs via 800-53 control SC-7. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Server
1 STIG
Operating System — Server
1 STIGMicrosoft Windows Server 2025 Security Technical Implementation Guide
V1R12026-02-201 of 284 findings match
M1
Network Device
63 STIGs
Network Device
63 STIGsRouter Security Requirements Guide
52024-05-2835 of 108 findings match
H4M29L2
Router Security Requirements Guide
V5R22025-09-1035 of 123 findings match
H4M29L2
Cisco IOS XR Router RTR Security Technical Implementation Guide
32024-08-2232 of 96 findings match
H3M26L3
Cisco IOS XR Router RTR Security Technical Implementation Guide
V3R32025-08-1932 of 96 findings match
H3M26L3
Juniper EX Series Switches Router Security Technical Implementation Guide
V2R12024-06-1031 of 102 findings match
H3M26L2
Cisco IOS Router RTR Security Technical Implementation Guide
32024-11-2530 of 92 findings match
H2M25L3
Cisco IOS Router RTR Security Technical Implementation Guide
V3R42025-08-1930 of 92 findings match
H2M25L3
Cisco IOS XE Router RTR Security Technical Implementation Guide
32025-05-1630 of 97 findings match
H2M25L3
Show 55 more STIGs in this category →Hide additional STIGs
Cisco IOS XE Router RTR Security Technical Implementation Guide
V3R52025-08-1430 of 97 findings match
H2M25L3
Juniper Router RTR Security Technical Implementation Guide
V3R22024-12-0530 of 96 findings match
H3M25L2
RUCKUS ICX Router Security Technical Implementation Guide
V1R12025-06-0328 of 81 findings match
H4M22L2
Cisco IOS XE Switch RTR Security Technical Implementation Guide
32025-05-2026 of 88 findings match
H2M21L3
Cisco IOS XE Switch RTR Security Technical Implementation Guide
V3R42026-03-0426 of 88 findings match
H2M21L3
Cisco IOS Switch RTR Security Technical Implementation Guide
32024-06-0624 of 53 findings match
H2M19L3
Cisco IOS Switch RTR Security Technical Implementation Guide
V3R32026-03-0424 of 53 findings match
H2M19L3
Arista MLS EOS 4.X Router Security Technical Implementation Guide
V2R22025-02-2021 of 75 findings match
H3M16L2
Cisco NX OS Switch RTR Security Technical Implementation Guide
32024-12-2021 of 78 findings match
H2M16L3
Cisco NX OS Switch RTR Security Technical Implementation Guide
V3R42026-03-0421 of 78 findings match
H2M16L3
Network Infrastructure Policy Security Technical Implementation Guide
V10R72024-08-0218 of 67 findings match
H5M12L1
Cisco ACI Router Security Technical Implementation Guide
12025-06-188 of 45 findings match
M7L1
Dell OS10 Switch Router Security Technical Implementation Guide
12024-12-118 of 42 findings match
H1M6L1
Dell OS10 Switch Router Security Technical Implementation Guide
V1R22026-03-048 of 42 findings match
H1M6L1
Firewall Security Requirements Guide
32024-12-047 of 34 findings match
H1M6
Firewall Security Requirements Guide
V3R32025-09-227 of 35 findings match
H1M6
Arista MLS EOS 4.X L2S Security Technical Implementation Guide
V2R32025-05-196 of 18 findings match
M5L1
Cisco IOS Switch L2S Security Technical Implementation Guide
V3R12024-06-066 of 22 findings match
M5L1
Cisco IOS XE Switch L2S Security Technical Implementation Guide
V3R22025-05-196 of 22 findings match
M5L1
Cisco NX OS Switch L2S Security Technical Implementation Guide
V3R22024-08-226 of 22 findings match
M5L1
Application Layer Gateway Security Requirements Guide
22024-12-045 of 155 findings match
M5
Application Layer Gateway Security Requirements Guide
V2R32025-09-155 of 160 findings match
M5
Cisco ASA Firewall Security Technical Implementation Guide
V2R12024-06-065 of 21 findings match
M5
F5 BIG-IP TMOS Firewall Security Technical Implementation Guide
V1R12024-09-095 of 14 findings match
H1M4
Fortinet FortiGate Firewall Security Technical Implementation Guide
12022-09-125 of 29 findings match
M5
Fortinet FortiGate Firewall Security Technical Implementation Guide
V1R42025-11-195 of 29 findings match
M5
Palo Alto Networks ALG Security Technical Implementation Guide
V3R42025-03-125 of 50 findings match
M5
Cisco ACI Router Security Technical Implementation Guide
V1R22025-12-114 of 26 findings match
M3L1
Symantec ProxySG ALG Security Technical Implementation Guide
V1R32020-03-274 of 66 findings match
M4
HPE Aruba Networking AOS Wireless Security Technical Implementation Guide
12024-10-293 of 14 findings match
M3
HPE Aruba Networking AOS Wireless Security Technical Implementation Guide
V1R22026-02-253 of 14 findings match
M3
Juniper EX Series Switches Layer 2 Switch Security Technical Implementation Guide
22025-03-073 of 24 findings match
M3
Juniper EX Series Switches Layer 2 Switch Security Technical Implementation Guide
V2R42025-12-103 of 24 findings match
M3
Juniper SRX Services Gateway ALG Security Technical Implementation Guide
V3R32024-12-193 of 24 findings match
M3
Layer 2 Switch Security Requirements Guide
V3R42026-02-123 of 36 findings match
M3
Virtual Private Network (VPN) Security Requirements Guide
32024-12-193 of 82 findings match
M3
Virtual Private Network (VPN) Security Requirements Guide
V3R42025-09-103 of 92 findings match
M3
HP FlexFabric Switch RTR Security Technical Implementation Guide
V1R22020-06-032 of 21 findings match
M2
HPE Aruba Networking AOS VPN Security Technical Implementation Guide
V1R12024-10-292 of 21 findings match
M2
IBM DataPower ALG Security Technical Implementation Guide
V1R12016-01-212 of 65 findings match
M2
Juniper SRX Services Gateway VPN Security Technical Implementation Guide
V3R22024-12-202 of 28 findings match
M2
Layer 2 Switch Security Requirements Guide
32025-03-052 of 28 findings match
M2
Network WLAN AP-IG Platform Security Technical Implementation Guide
V7R32023-02-132 of 9 findings match
M2
Network WLAN Bridge Platform Security Technical Implementation Guide
V7R22023-02-132 of 6 findings match
M2
Network WLAN Controller Platform Security Technical Implementation Guide
V7R32023-02-132 of 6 findings match
M2
SDN Controller Security Requirements Guide
22024-05-282 of 34 findings match
M2
Symantec Edge SWG ALG Security Technical Implementation Guide
V1R12025-12-162 of 15 findings match
M2
Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide
V1R12017-09-151 of 33 findings match
M1
Cisco ACI Layer 2 Switch Security Technical Implementation Guide
12025-06-131 of 13 findings match
M1
Cisco ASA VPN Security Technical Implementation Guide
V2R22024-08-221 of 41 findings match
M1
Dell OS10 Switch Layer 2 Switch Security Technical Implementation Guide
V1R12024-12-111 of 20 findings match
M1
Ivanti Connect Secure VPN Security Technical Implementation Guide
22024-06-101 of 15 findings match
M1
Ivanti Connect Secure VPN Security Technical Implementation Guide
V2R22025-09-091 of 15 findings match
M1
Network WLAN AP-NIPR Platform Security Technical Implementation Guide
V7R32023-02-131 of 11 findings match
M1
RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide
V1R12025-06-031 of 24 findings match
M1
Web / Application Server
2 STIGs
Web / Application Server
2 STIGsApplication Security and Development Security Technical Implementation Guide
62025-02-121 of 286 findings match
M1
Application Security and Development Security Technical Implementation Guide
V6R42025-09-091 of 286 findings match
M1
Virtualization / Container
9 STIGs
Virtualization / Container
9 STIGsVMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide
V1R32023-06-222 of 9 findings match
M2
VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide
V1R32023-06-222 of 7 findings match
M2
Kubernetes Security Technical Implementation Guide
22025-05-161 of 94 findings match
M1
Kubernetes Security Technical Implementation Guide
V2R62026-02-121 of 92 findings match
M1
VMware NSX 4.x Distributed Firewall Security Technical Implementation Guide
V1R22024-12-131 of 6 findings match
M1
VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide
V1R22024-12-131 of 4 findings match
M1
VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide
V1R22024-12-201 of 5 findings match
M1
VMware NSX-T Distributed Firewall Security Technical Implementation Guide
V1R32023-06-231 of 7 findings match
L1
Show 1 more STIG in this category →Hide additional STIGs
VMware NSX-T Tier-0 Gateway RTR Security Technical Implementation Guide
V1R22022-09-011 of 16 findings match
H1
Cloud / Identity Service
1 STIG
Cloud / Identity Service
1 STIGCloud Computing Mission Owner Network Security Requirements Guide
V1R22024-12-204 of 9 findings match
H2M2
Endpoint Security Management
3 STIGs
Endpoint Security Management
3 STIGsIntrusion Detection and Prevention Systems Security Requirements Guide
32025-05-191 of 58 findings match
M1
Intrusion Detection and Prevention Systems Security Requirements Guide
V3R42025-09-221 of 60 findings match
M1
Ivanti Sentry 9.x ALG Security Technical Implementation Guide
V3R12024-09-251 of 32 findings match
M1