CMMC 2.0 • LEVEL 2 • SYSTEM & COMMUNICATIONS PROTECTION

SC.L2-3.13.6 Network Communications – Deny by Default – Allow by Exception

This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points within the system. A deny-all, allow-by-exception network communications traffic policy ensures that only essential and approved connections are allowed.

NIST 800-171 Mapping

NIST 800-53 Controls

Assessment Objectives

  • network communications traffic is denied by default.
  • network communications traffic is allowed by exception.
