System And Communications Protection
Enforce port and protocol compliance.
Organizations shall enforce that traffic crossing the network boundary complies with the standard for the protocol in question and uses the appropriate well-known port. If the port or protocol is not known, the traffic should be blocked.

Example 1
You are a network engineer for your organization. You have a NextGen firewall installed on the Internet edge of the network and have configured the firewall to perform protocol enforcement and block traffic that is not known or specifically approved by the organization's security policy.

Example 2
You are a network engineer for your organization. You have configured the IPS device to monitor and block traffic that does not comply with the standards or protocols approved for users to access the Internet.
CMMC
Malicious actors are able to perform command and control and exfiltrate data by running their own protocols over well-known ports or by hijacking fields within a common protocol. By defining allowed ports and protocols, and only allowing proper protocol syntax on the correct authorized ports, this malicious activity is stopped.
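The decision rule the practice statement and the discussion describe, shown as a small policy engine over constructed flow records. This is an added illustration, not CMMC text and not any firewall or IPS vendor's implementation. The allow list, the sample flows and the IP addresses are constructed for the example; protocol identification uses only the first bytes the client sends (HTTP request line, TLS record header, SSH identification string, DNS query header), which is far shallower than what a NextGen firewall or IPS does, but the outcome logic is the same: unknown port or unknown protocol is blocked, a protocol riding on a port reserved for a different standard is blocked, and only conforming traffic on its well-known port is allowed.

```python
"""Port/protocol compliance check (added example; constructed policy and data)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed allow list: permitted destination port -> protocol standard expected there.
ALLOWED_PORTS = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}

# HTTP/1.x request line (RFC 9112): method SP request-target SP HTTP-version CRLF.
HTTP_REQUEST_RE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")


def identify_protocol(payload: bytes) -> Optional[str]:
    """Classify the initiator's first bytes by protocol signature; None if unknown."""
    if HTTP_REQUEST_RE.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), legacy version 0x0301..0x0303.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and 1 <= payload[2] <= 3:
        return "tls"
    # SSH identification string (RFC 4253, section 4.2).
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    if _looks_like_dns_query(payload):
        return "dns"
    return None


def _looks_like_dns_query(payload: bytes) -> bool:
    """Check the 12-byte DNS header (RFC 1035): QR=0 and OPCODE=0 (a standard query),
    at least one question and no answer records, as a client query must have."""
    if len(payload) < 12:
        return False
    flags = int.from_bytes(payload[2:4], "big")
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    qdcount = int.from_bytes(payload[4:6], "big")
    ancount = int.from_bytes(payload[6:8], "big")
    return qr == 0 and opcode == 0 and qdcount >= 1 and ancount == 0


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    payload: bytes  # first bytes sent by the connection initiator


@dataclass(frozen=True)
class Decision:
    action: str  # "allow" or "block"
    reason: str


def evaluate(flow: Flow) -> Decision:
    """Apply the port-and-protocol policy to one flow."""
    expected = ALLOWED_PORTS.get(flow.dst_port)
    if expected is None:
        return Decision("block", f"port {flow.dst_port} is not on the allow list")
    observed = identify_protocol(flow.payload)
    if observed is None:
        return Decision("block", f"unrecognised protocol on port {flow.dst_port}")
    if observed != expected:
        return Decision("block", f"{observed} carried on port {flow.dst_port}, which is reserved for {expected}")
    return Decision("allow", f"{observed} on its well-known port {flow.dst_port}")


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow("10.0.0.5", "203.0.113.53", 53,
         b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    # A foreign protocol on a well-known port: SSH banner where TLS is expected.
    Flow("10.0.0.7", "198.51.100.20", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    # Bytes that match no known protocol, sent to the HTTP port.
    Flow("10.0.0.7", "198.51.100.20", 80, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
    # Well-formed HTTP, but on a port the policy does not permit.
    Flow("10.0.0.9", "198.51.100.30", 8080, b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"),
]


def evaluate_all(flows: List[Flow]) -> List[str]:
    """Return one action per flow, in order, for logging or testing."""
    return [evaluate(f).action for f in flows]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        d = evaluate(f)
        print(f"{f.src} -> {f.dst}:{f.dst_port}  {d.action.upper():5}  {d.reason}")
```

The three compliant flows are allowed and the other three are blocked, each with a reason suitable for a firewall or IPS log. Note that the port check alone would have passed the fourth and fifth flows; it is the protocol identification step that catches traffic using a well-known port for something other than its standard, which is the case the discussion above is concerned with.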
CIS Controls v7.1 9.2
NIST 800-53 Rev 4 SC-7(17)