CCI|CCI-002080

Title

The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-003143 - AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.UnixDISA STIG Apple Mac OSX 10.13 v2r5
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall PolicyUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.UnixDISA SLES 12 STIG v3r1
UBTU-16-030050 - An application firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.UnixDISA STIG Ubuntu 16.04 LTS v2r3
WN16-00-000310 - A host-based firewall must be installed and enabled on the system.WindowsDISA Windows Server 2016 STIG v2r9
WN19-00-000280 - Windows Server 2019 must have a host-based firewall installed and enabled.WindowsDISA Windows Server 2019 STIG v3r2
WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.WindowsDISA Windows Server 2022 STIG v2r2