STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-001109

Definition

Deny network communications traffic by default and allow network communications traffic by exception at managed interfaces; and/or for organization-defined systems.

Parent Control

SC-7 (5): Boundary Protection (System and Communications Protection)

Linked STIG Checks (28)

Vuln ID | Severity | Rule title | STIG / SRG

  • V-237039 | CAT II | The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured. | A10 Networks ADC ALG Security Technical Implementation Guide
  • V-204954 | CAT II | The ALG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Application Layer Gateway Security Requirements Guide
  • V-256015 | CAT I | The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Arista MLS EOS 4.2x Router Security Technical Implementation Guide
  • V-256015 | CAT I | The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Arista MLS EOS 4.X Router Security Technical Implementation Guide
  • V-216572 | CAT I | The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Cisco IOS Router RTR Security Technical Implementation Guide
  • V-220440 | CAT I | The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | Cisco IOS Switch RTR Security Technical Implementation Guide
  • V-216662 | CAT I | The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Cisco IOS XE Router RTR Security Technical Implementation Guide
  • V-221007 | CAT I | The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | Cisco IOS XE Switch RTR Security Technical Implementation Guide
  • V-216752 | CAT I | The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Cisco IOS XR Router RTR Security Technical Implementation Guide
  • V-221087 | CAT I | The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | Cisco NX OS Switch RTR Security Technical Implementation Guide
  • V-266261 | CAT I | The F5 BIG-IP appliance must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | F5 BIG-IP TMOS Firewall Security Technical Implementation Guide
  • V-206694 | CAT I | The firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Firewall Security Requirements Guide
  • V-254009 | CAT I | The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Juniper EX Series Switches Router Security Technical Implementation Guide
  • V-217029 | CAT I | The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Juniper Router RTR Security Technical Implementation Guide
  • V-214535 | CAT II | The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Juniper SRX Services Gateway ALG Security Technical Implementation Guide
  • V-228845 | CAT II | The Palo Alto Networks security platform must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-273604 | CAT I | The RUCKUS ICX perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | RUCKUS ICX Router Security Technical Implementation Guide
  • V-281354 | CAT II | RHEL 10 must not accept router advertisements on all Internet Protocol version 6 (IPv6) interfaces. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-207132 | CAT I | The perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | Router Security Requirements Guide
  • V-22583 | CAT II | The systems local firewall must implement a deny-all, allow-by-exception policy. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-279168 | CAT II | The Edge SWG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Symantec Edge SWG ALG Security Technical Implementation Guide
  • V-94327 | CAT II | Symantec ProxySG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | Symantec ProxySG ALG Security Technical Implementation Guide
  • V-265619 | CAT II | The NSX Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception. | VMware NSX 4.x Distributed Firewall Security Technical Implementation Guide
  • V-265368 | CAT II | The NSX Tier-0 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception. | VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide
  • V-265494 | CAT II | The NSX Tier-1 Gateway firewall must deny network communications traffic by default and allow network communications traffic by exception. | VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide
  • V-251729 | CAT III | The NSX-T Distributed Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | VMware NSX-T Distributed Firewall Security Technical Implementation Guide
  • V-251765 | CAT II | The NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide
  • V-251740 | CAT II | The NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | VMware NSX-T Tier-0 Gateway Firewall Security Technical Implementation Guide