NIST SP 800-171 & CMMC 2.0 Control 3.13.6 Requirement:
Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
NIST SP 800-171 & CMMC 2.0 3.13.6 Requirement Explanation:
Block all traffic entering and leaving the network, but permit specific traffic based on organizational policies, exceptions, or criteria. This process of permitting only authorized traffic to the network is called whitelisting and limits the number of unintentional connections to the network. By only allowing authorized traffic in and out of your network you can mitigate a wide range of security threats. This control may be tricky to implement, be sure to carefully plan its implementation.
Example NIST SP 800-171 & CMMC 2.0 3.13.6 Implementation:
Only allow authorized traffic in and out of your network. This can be accomplished using firewall rules. This includes blocking ports, IP addresses, and the types of websites users can access. Before blocking traffic, carefully document which traffic needs to enter and and exit your network. Document why you have determined to allow some traffic.
NIST SP 800-171 & CMMC 2.0 3.13.6 Scenario(s):
- Scenario 1:
Your company wants to limit traffic coming in and out of its network to only traffic required to support your business operations. You analyze the traffic coming in and out of your network to determine the traffic essential for your business operations. You create rules in your firewall to allow this traffic and deny all other traffic.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.