Back to Control Explorer



Control Acronym



System And Communications Protection

CMMC Level


800-171 Control #


CMMC Description

Enforce port and protocol compliance.

CMMC Clarification

Organizations shall enforce traffic crossing the network boundary is in compliance with the standard for the protocol in question and using the appropriate well-known port. If the port or protocol is not known the traffic should be blocked. Example 1 You are a network engineer for your organization. You have a NextGen firewall installed on the Internet edge of the network and have configured the firewall to perform protocol enforcement and block traffic that is not known or specifically approved by the organization’s security policy. Example 2 You are a network engineer for your organization. You have configured the IPS device to monitor and block traffic that is not in compliance with standard or protocols approved for users to access the Internet.

800-171 Description

800-171 Discussion


Other Source Discussion

CMMC Malicious actors are able to perform command and control and exfiltration of data by running their own protocols over well-known ports or by hijacking fields within a common protocol. By defining allowed ports and protocols, and only allowing proper protocol syntax on the correct authorized ports, the malicious activity is stopped.

CIS Control References

CIS Controls v7.1 9.2

NIST 800-53 Control Ref.

NIST 800-53 Rev 4 SC-7(17)

CMMC Derived


NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

Assessment Sub-Criteria 2

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15