NIST 800-53 Rev 5
SC-7(5) · moderate · high
Deny by Default — Allow by Exception
System and Communications Protection
Control Statement
Deny network communications traffic by default and allow network communications traffic by exception {{ insert: param, sc-07.05_odp.01 }}.
Discussion
Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.
- Framework: NIST SP 800-53 Rev 5
- Family: System and Communications Protection
- Baselines: moderate, high
Related Frameworks
3 paths across 2 frameworks
NIST 800-171 · 1 mapping
3.13.6
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI · 2 mappings
CCI-001109
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004872
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
79 STIGs reach this control through 70 CCIs.
Operating System — Server
1 STIG
- Microsoft Windows Server 2025 Security Technical Implementation Guide · V1R1 · 2026-02-20 · 1 of 284 findings match · M1
Network Device
63 STIGs
- Router Security Requirements Guide · 5 · 2024-05-28 · 35 of 108 findings match · H4 M29 L2
- Router Security Requirements Guide · V5R2 · 2025-09-10 · 35 of 123 findings match · H4 M29 L2
- Cisco IOS XR Router RTR Security Technical Implementation Guide · 3 · 2024-08-22 · 32 of 96 findings match · H3 M26 L3
- Cisco IOS XR Router RTR Security Technical Implementation Guide · V3R3 · 2025-08-19 · 32 of 96 findings match · H3 M26 L3
- Juniper EX Series Switches Router Security Technical Implementation Guide · V2R1 · 2024-06-10 · 31 of 102 findings match · H3 M26 L2
- Cisco IOS Router RTR Security Technical Implementation Guide · 3 · 2024-11-25 · 30 of 92 findings match · H2 M25 L3
- Cisco IOS Router RTR Security Technical Implementation Guide · V3R4 · 2025-08-19 · 30 of 92 findings match · H2 M25 L3
- Cisco IOS XE Router RTR Security Technical Implementation Guide · 3 · 2025-05-16 · 30 of 97 findings match · H2 M25 L3
- Cisco IOS XE Router RTR Security Technical Implementation Guide · V3R5 · 2025-08-14 · 30 of 97 findings match · H2 M25 L3
- Juniper Router RTR Security Technical Implementation Guide · V3R2 · 2024-12-05 · 30 of 96 findings match · H3 M25 L2
- RUCKUS ICX Router Security Technical Implementation Guide · V1R1 · 2025-06-03 · 28 of 81 findings match · H4 M22 L2
- Cisco IOS XE Switch RTR Security Technical Implementation Guide · 3 · 2025-05-20 · 26 of 88 findings match · H2 M21 L3
- Cisco IOS XE Switch RTR Security Technical Implementation Guide · V3R4 · 2026-03-04 · 26 of 88 findings match · H2 M21 L3
- Cisco IOS Switch RTR Security Technical Implementation Guide · 3 · 2024-06-06 · 24 of 53 findings match · H2 M19 L3
- Cisco IOS Switch RTR Security Technical Implementation Guide · V3R3 · 2026-03-04 · 24 of 53 findings match · H2 M19 L3
- Arista MLS EOS 4.X Router Security Technical Implementation Guide · V2R2 · 2025-02-20 · 21 of 75 findings match · H3 M16 L2
- Cisco NX OS Switch RTR Security Technical Implementation Guide · 3 · 2024-12-20 · 21 of 78 findings match · H2 M16 L3
- Cisco NX OS Switch RTR Security Technical Implementation Guide · V3R4 · 2026-03-04 · 21 of 78 findings match · H2 M16 L3
- Network Infrastructure Policy Security Technical Implementation Guide · V10R7 · 2024-08-02 · 18 of 67 findings match · H5 M12 L1
- Cisco ACI Router Security Technical Implementation Guide · 1 · 2025-06-18 · 8 of 45 findings match · M7 L1
- Dell OS10 Switch Router Security Technical Implementation Guide · 1 · 2024-12-11 · 8 of 42 findings match · H1 M6 L1
- Dell OS10 Switch Router Security Technical Implementation Guide · V1R2 · 2026-03-04 · 8 of 42 findings match · H1 M6 L1
- Firewall Security Requirements Guide · 3 · 2024-12-04 · 7 of 34 findings match · H1 M6
- Firewall Security Requirements Guide · V3R3 · 2025-09-22 · 7 of 35 findings match · H1 M6
- Arista MLS EOS 4.X L2S Security Technical Implementation Guide · V2R3 · 2025-05-19 · 6 of 18 findings match · M5 L1
- Cisco IOS Switch L2S Security Technical Implementation Guide · V3R1 · 2024-06-06 · 6 of 22 findings match · M5 L1
- Cisco IOS XE Switch L2S Security Technical Implementation Guide · V3R2 · 2025-05-19 · 6 of 22 findings match · M5 L1
- Cisco NX OS Switch L2S Security Technical Implementation Guide · V3R2 · 2024-08-22 · 6 of 22 findings match · M5 L1
- Application Layer Gateway Security Requirements Guide · 2 · 2024-12-04 · 5 of 155 findings match · M5
- Application Layer Gateway Security Requirements Guide · V2R3 · 2025-09-15 · 5 of 160 findings match · M5
- Cisco ASA Firewall Security Technical Implementation Guide · V2R1 · 2024-06-06 · 5 of 21 findings match · M5
- F5 BIG-IP TMOS Firewall Security Technical Implementation Guide · V1R1 · 2024-09-09 · 5 of 14 findings match · H1 M4
- Fortinet FortiGate Firewall Security Technical Implementation Guide · 1 · 2022-09-12 · 5 of 29 findings match · M5
- Fortinet FortiGate Firewall Security Technical Implementation Guide · V1R4 · 2025-11-19 · 5 of 29 findings match · M5
- Palo Alto Networks ALG Security Technical Implementation Guide · V3R4 · 2025-03-12 · 5 of 50 findings match · M5
- Cisco ACI Router Security Technical Implementation Guide · V1R2 · 2025-12-11 · 4 of 26 findings match · M3 L1
- Symantec ProxySG ALG Security Technical Implementation Guide · V1R3 · 2020-03-27 · 4 of 66 findings match · M4
- HPE Aruba Networking AOS Wireless Security Technical Implementation Guide · 1 · 2024-10-29 · 3 of 14 findings match · M3
- HPE Aruba Networking AOS Wireless Security Technical Implementation Guide · V1R2 · 2026-02-25 · 3 of 14 findings match · M3
- Juniper EX Series Switches Layer 2 Switch Security Technical Implementation Guide · 2 · 2025-03-07 · 3 of 24 findings match · M3
- Juniper EX Series Switches Layer 2 Switch Security Technical Implementation Guide · V2R4 · 2025-12-10 · 3 of 24 findings match · M3
- Juniper SRX Services Gateway ALG Security Technical Implementation Guide · V3R3 · 2024-12-19 · 3 of 24 findings match · M3
- Layer 2 Switch Security Requirements Guide · V3R4 · 2026-02-12 · 3 of 36 findings match · M3
- Virtual Private Network (VPN) Security Requirements Guide · 3 · 2024-12-19 · 3 of 82 findings match · M3
- Virtual Private Network (VPN) Security Requirements Guide · V3R4 · 2025-09-10 · 3 of 92 findings match · M3
- HP FlexFabric Switch RTR Security Technical Implementation Guide · V1R2 · 2020-06-03 · 2 of 21 findings match · M2
- HPE Aruba Networking AOS VPN Security Technical Implementation Guide · V1R1 · 2024-10-29 · 2 of 21 findings match · M2
- IBM DataPower ALG Security Technical Implementation Guide · V1R1 · 2016-01-21 · 2 of 65 findings match · M2
- Juniper SRX Services Gateway VPN Security Technical Implementation Guide · V3R2 · 2024-12-20 · 2 of 28 findings match · M2
- Layer 2 Switch Security Requirements Guide · 3 · 2025-03-05 · 2 of 28 findings match · M2
- Network WLAN AP-IG Platform Security Technical Implementation Guide · V7R3 · 2023-02-13 · 2 of 9 findings match · M2
- Network WLAN Bridge Platform Security Technical Implementation Guide · V7R2 · 2023-02-13 · 2 of 6 findings match · M2
- Network WLAN Controller Platform Security Technical Implementation Guide · V7R3 · 2023-02-13 · 2 of 6 findings match · M2
- SDN Controller Security Requirements Guide · 2 · 2024-05-28 · 2 of 34 findings match · M2
- Symantec Edge SWG ALG Security Technical Implementation Guide · V1R1 · 2025-12-16 · 2 of 15 findings match · M2
- Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide · V1R1 · 2017-09-15 · 1 of 33 findings match · M1
- Cisco ACI Layer 2 Switch Security Technical Implementation Guide · 1 · 2025-06-13 · 1 of 13 findings match · M1
- Cisco ASA VPN Security Technical Implementation Guide · V2R2 · 2024-08-22 · 1 of 41 findings match · M1
- Dell OS10 Switch Layer 2 Switch Security Technical Implementation Guide · V1R1 · 2024-12-11 · 1 of 20 findings match · M1
- Ivanti Connect Secure VPN Security Technical Implementation Guide · 2 · 2024-06-10 · 1 of 15 findings match · M1
- Ivanti Connect Secure VPN Security Technical Implementation Guide · V2R2 · 2025-09-09 · 1 of 15 findings match · M1
- Network WLAN AP-NIPR Platform Security Technical Implementation Guide · V7R3 · 2023-02-13 · 1 of 11 findings match · M1
- RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide · V1R1 · 2025-06-03 · 1 of 24 findings match · M1
Web / Application Server
2 STIGs
- Application Security and Development Security Technical Implementation Guide · 6 · 2025-02-12 · 1 of 286 findings match · M1
- Application Security and Development Security Technical Implementation Guide · V6R4 · 2025-09-09 · 1 of 286 findings match · M1
Virtualization / Container
9 STIGs
- VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide · V1R3 · 2023-06-22 · 2 of 9 findings match · M2
- VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide · V1R3 · 2023-06-22 · 2 of 7 findings match · M2
- Kubernetes Security Technical Implementation Guide · 2 · 2025-05-16 · 1 of 94 findings match · M1
- Kubernetes Security Technical Implementation Guide · V2R6 · 2026-02-12 · 1 of 92 findings match · M1
- VMware NSX 4.x Distributed Firewall Security Technical Implementation Guide · V1R2 · 2024-12-13 · 1 of 6 findings match · M1
- VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide · V1R2 · 2024-12-13 · 1 of 4 findings match · M1
- VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide · V1R2 · 2024-12-20 · 1 of 5 findings match · M1
- VMware NSX-T Distributed Firewall Security Technical Implementation Guide · V1R3 · 2023-06-23 · 1 of 7 findings match · L1
- VMware NSX-T Tier-0 Gateway RTR Security Technical Implementation Guide · V1R2 · 2022-09-01 · 1 of 16 findings match · H1
Cloud / Identity Service
1 STIG
- Cloud Computing Mission Owner Network Security Requirements Guide · V1R2 · 2024-12-20 · 4 of 9 findings match · H2 M2
Endpoint Security Management
3 STIGs
- Intrusion Detection and Prevention Systems Security Requirements Guide · 3 · 2025-05-19 · 1 of 58 findings match · M1
- Intrusion Detection and Prevention Systems Security Requirements Guide · V3R4 · 2025-09-22 · 1 of 60 findings match · M1
- Ivanti Sentry 9.x ALG Security Technical Implementation Guide · V3R1 · 2024-09-25 · 1 of 32 findings match · M1