Level 5 CMMC - CMMC Practices

SC.5.230  

Reference: CMMC 1.02

Family: SC

Level Introduced: 5

Practice:
Enforce port and protocol compliance.

CMMC Clarification:
Organizations shall enforce that traffic crossing the network boundary complies with the standard for the protocol in question and uses the appropriate well-known port. If the port or protocol is not known, the traffic should be blocked.

Example 1
You are a network engineer for your organization. You have a NextGen firewall installed on the Internet edge of the network and have configured the firewall to perform protocol enforcement and block traffic that is not known or specifically approved by the organization’s security policy.

Example 2
You are a network engineer for your organization. You have configured the IPS device to monitor and block traffic that is not in compliance with the standards or protocols approved for users to access the Internet.

Malicious actors are able to perform command and control and exfiltration of data by running their own protocols over well-known ports or by hijacking fields within a common protocol. By defining allowed ports and protocols, and only allowing proper protocol syntax on the correct authorized ports, the malicious activity is stopped.
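A simplified illustration of the enforcement logic described above, added here as an example and not taken from CMMC, NIST or any firewall vendor: an authorized-port table maps each port to the protocol it must carry, a validator checks the first payload of a flow against that protocol's syntax, and anything on an unlisted port or with mismatched syntax is blocked. The policy table, validators and sample flows are all constructed for this demonstration.

```python
import re
import struct

# Constructed policy: the only authorized egress ports and the protocol each must carry.
ALLOWED_PORTS = {80: "http", 443: "tls", 53: "dns"}

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")


def looks_like_http(payload: bytes) -> bool:
    # Port 80 must begin with a well-formed HTTP/1.x request line.
    return HTTP_REQUEST_LINE.match(payload) is not None


def looks_like_tls_client_hello(payload: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 3.x, 16-bit length,
    # followed by handshake type 0x01 (ClientHello).
    if len(payload) < 6:
        return False
    rec_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return rec_type == 0x16 and major == 3 and minor <= 4 and length > 0 and payload[5] == 0x01


def looks_like_dns_query(payload: bytes) -> bool:
    # DNS header is 12 bytes: QR bit clear (query), opcode 0 (standard), at least one question.
    if len(payload) < 12:
        return False
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    return (flags & 0x8000) == 0 and ((flags >> 11) & 0xF) == 0 and qdcount >= 1


VALIDATORS = {"http": looks_like_http, "tls": looks_like_tls_client_hello, "dns": looks_like_dns_query}


def enforce(dst_port: int, payload: bytes) -> tuple:
    """Decide ("allow" | "block", reason) for the first payload of an outbound flow."""
    proto = ALLOWED_PORTS.get(dst_port)
    if proto is None:
        return ("block", f"port {dst_port} is not an authorized port")
    if not VALIDATORS[proto](payload):
        return ("block", f"payload on port {dst_port} does not match {proto} syntax")
    return ("allow", f"{proto} on port {dst_port}")


# Constructed sample flows: legitimate traffic, a custom protocol hidden on port 80,
# plaintext HTTP on 443, and an unlisted port.
SAMPLE_FLOWS = {
    "web": (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "beacon_on_80": (80, b"\x00\x07BEACON"),
    "tls": (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    "http_on_443": (443, b"GET / HTTP/1.1\r\n"),
    "dns": (53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    "unlisted_port": (4444, b"hello"),
}


def evaluate_samples() -> dict:
    return {name: enforce(port, data)[0] for name, (port, data) in SAMPLE_FLOWS.items()}
```

A production device inspects the full session rather than only the first payload, but the decision structure (authorized port, then protocol conformance, then default deny) is the same.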

Source: CMMC v1.02

SC-7 (17)

BOUNDARY PROTECTION | AUTOMATED ENFORCEMENT OF PROTOCOL FORMATS

Description:
The information system enforces adherence to protocol formats.

Supplemental Guidance:
Information system components that enforce protocol formats include, for example, deep packet inspection firewalls and XML gateways. Such system components verify adherence to protocol formats/specifications (e.g., IEEE) at the application layer and identify significant vulnerabilities that cannot be detected by devices operating at the network or transport layers. Related control: SC-4.

Source: NIST Special Publication 800-53 Rev. 4

Source: CMMC v1.02