NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
SC-1
SC-2
SC-2(1)
SC-2(2)
SC-3
SC-3(1)
SC-3(2)
SC-3(3)
SC-3(4)
SC-3(5)
SC-4
SC-12(4)
SC-4(2)
SC-5
SC-5(1)
SC-5(2)
SC-5(3)
SC-6
SC-7
SC-12(5)
SC-13(1)
SC-7(3)
SC-7(4)
SC-7(5)
SC-13(2)
SC-7(7)
SC-7(8)
SC-7(9)
SC-7(10)
SC-7(11)
SC-7(12)
SC-7(13)
SC-7(14)
SC-7(15)
SC-7(16)
SC-7(17)
SC-7(18)
SC-7(19)
SC-7(20)
SC-7(21)
SC-7(22)
SC-7(23)
SC-7(24)
SC-7(25)
SC-7(26)
SC-7(27)
SC-7(28)
SC-7(29)
SC-8
SC-8(1)
SC-8(2)
SC-8(3)
SC-8(4)
SC-8(5)
SC-13(3)
SC-10
SC-11
SC-11(1)
SC-12
SC-12(1)
SC-12(2)
SC-12(3)
SC-13(4)
SC-14
SC-12(6)
SC-13
SC-15(2)
SC-19
SC-20(1)
SC-21(1)
SC-23(2)
SC-15
SC-15(1)
SC-23(4)
SC-15(3)
SC-15(4)
SC-16
SC-16(1)
SC-16(2)
SC-16(3)
SC-17
SC-18
SC-18(1)
SC-18(2)
SC-18(3)
SC-18(4)
SC-18(5)
SC-26(1)
SC-20
SC-30(1)
SC-20(2)
SC-21
SC-33
SC-22
SC-23
SC-23(1)
SC-34(3)
SC-23(3)
SC-4(1)
SC-23(5)
SC-24
SC-25
SC-26
SC-42(3)
SC-27
SC-28
SC-28(1)
SC-28(2)
SC-28(3)
SC-29
SC-29(1)
SC-30
SC-7(1)
SC-30(2)
SC-30(3)
SC-30(4)
SC-30(5)
SC-31
SC-31(1)
SC-31(2)
SC-31(3)
SC-32
SC-32(1)
SC-7(2)
SC-34
SC-34(1)
SC-34(2)
SC-7(6)
SC-35
SC-36
SC-36(1)
SC-36(2)
SC-37
SC-37(1)
SC-38
SC-39
SC-39(1)
SC-39(2)
SC-40
SC-40(1)
SC-40(2)
SC-40(3)
SC-40(4)
SC-41
SC-42
SC-42(1)
SC-42(2)
SC-9
SC-42(4)
SC-42(5)
SC-43
SC-44
SC-45
SC-45(1)
SC-45(2)
SC-46
SC-47
SC-48
SC-48(1)
SC-49
SC-50
SC-51

SC-7(5): Boundary Protection | Deny by Default — Allow by Exception

Control Text:

Deny network communications traffic by default and allow network communications traffic by exception [Selection (one or more): at managed interfaces; for [Assignment: organization-defined systems]].

Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.

Related Controls

  • None