STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← CA-3 (5) — Information Exchange

CCI-002080

Definition

The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.

Parent Control

CA-3 (5)Information ExchangeAssessment, Authorization, and Monitoring

Linked STIG Checks (9)

V-219057CAT IIAIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.IBM AIX 7.x Security Technical Implementation GuideV-223560CAT IIIBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.IBM z/OS ACF2 Security Technical Implementation GuideV-223780CAT IIThe IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.IBM z/OS RACF Security Technical Implementation GuideV-224006CAT IIThe IBM z/OS Policy Agent must be configured to deny-all, allow-by-exception firewall policy for allowing connections to other systems.IBM z/OS TSS Security Technical Implementation GuideV-224846CAT IIA host-based firewall must be installed and enabled on the system.Microsoft Windows Server 2016 Security Technical Implementation GuideV-214936CAT IIWindows Server 2019 must have a host-based firewall installed and enabled.Microsoft Windows Server 2019 Security Technical Implementation GuideV-254265CAT IIWindows Server 2022 must have a host-based firewall installed and enabled.Microsoft Windows Server 2022 Security Technical Implementation GuideV-251368CAT IA deny-by-default security posture must be implemented for traffic entering and leaving the enclave.Network Infrastructure Policy Security Technical Implementation GuideV-217261CAT IIThe SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide