
SC-7 (5)

System and Communications Protection · Rev 5 · system

Boundary Protection

Baselines: Moderate, High

Control Statement

Deny network communications traffic by default and allow network communications traffic by exception [Selection: organization-defined value].

Supplemental Guidance

Denying by default and allowing by exception applies to inbound and outbound network communications traffic. A deny-all, permit-by-exception network communications traffic policy ensures that only those system connections that are essential and approved are allowed. Deny by default, allow by exception also applies to a system that is connected to an external system.

CCI Identifiers (2)

CCI-001109: Deny network communications traffic by default and allow network communications traffic by exception at managed interfaces; and/or for organization-defined systems.

CCI-004872: Defines the systems that will deny network communications traffic by default and allow network communications traffic by exception.

Linked STIG Checks (28)

Across 28 STIGs.