NET-04: Data Flow Enforcement – Access Control Lists...

NET-04 · Data Flow Enforcement – Access Control Lists (ACLs)

Control Description

Mechanisms exist to implement and govern Access Control Lists (ACLs) to provide data flow enforcement that explicitly restrict network traffic to only what is authorized.

Control Question

Assessment question for control validation

Does the organization implement and govern Access Control Lists (ACLs) to provide data flow enforcement that explicitly restrict network traffic to only what is authorized?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Tier 3 - Tactical

Core Control Designations

Special designations and baseline inclusions

MAD: NET-04

ESP Level 1: NET-04

ESP Level 2: NET-04

ESP Level 3: NET-04