CCI|CCI-002080

Title

The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.	Unix	DISA STIG AIX 7.x v2r9
AOSX-12-000155 - The OS X system firewall must be configured with a default-deny policy.	Unix	DISA STIG Apple Mac OSX 10.12 v1r6
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.	Unix	DISA STIG Apple Mac OSX 10.13 v2r1
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.	Unix	DISA STIG Apple Mac OSX 10.13 v2r3
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments - enabled	Unix	DISA SLES 12 STIG v2r9
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments - enabled	Unix	DISA SLES 12 STIG v2r7
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.	Unix	DISA SLES 12 STIG v2r12
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.	Unix	DISA SLES 12 STIG v2r13
UBTU-16-030050 - An application firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030050 - An application firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.	Unix	DISA STIG Ubuntu 16.04 LTS v2r1
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r5
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r6
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r2
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r3
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r7
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r4
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.	Windows	DISA Windows Server 2016 STIG v2r8
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r3
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r4
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r7
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r8
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r9
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r2
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2019 STIG v2r5
WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2022 STIG v1r5
WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2022 STIG v1r4
WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2022 STIG v1r1
WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.	Windows	DISA Windows Server 2022 STIG v1r3
ZEBR-11-004700 - Zebra Android 11 must be configured to disable multi-user modes.	MDM	MobileIron - DISA Zebra Android 11 COBO v1r1
ZEBR-11-004700 - Zebra Android 11 must be configured to disable multi-user modes.	MDM	AirWatch - DISA Zebra Android 11 COBO v1r1

Detections

Analytics

CCI|CCI-002080

Title

Reference Item Details

Audit Items