Catalogs
Reference Schemes
CCI: Control Correlation Identifier
CCI-001109

CCI-001109

Deny network communications traffic by default and allow network communications traffic by exception at managed interfaces; and/or for organization-defined systems.

Details
Associations

The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured.

1 rule found Severity: Medium

Symantec ProxySG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: Medium

The NSX-T Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: Low

The NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

2 rules found Severity: Medium

The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception.

1 rule found Severity: High

The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception.

3 rules found Severity: High

The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception.

3 rules found Severity: High

The F5 BIG-IP appliance must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: High

The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception.

2 rules found Severity: High

The perimeter router must be configured to deny network traffic by default and allow network traffic by exception.

1 rule found Severity: High

The ALG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: Medium

The firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: High

The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: Medium

The Palo Alto Networks security platform must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

1 rule found Severity: Medium

The NSX Tier-0 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception.

1 rule found Severity: Medium

The NSX Tier-1 Gateway firewall must deny network communications traffic by default and allow network communications traffic by exception.

1 rule found Severity: Medium

The NSX Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception.

1 rule found Severity: Medium