Configure network protection settings to organizational standards.
CONTROL ID 07601
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the "CNI" plugin to organizational standards., CC ID: 14659
Configure the "data-path-addr" argument to organizational standards., CC ID: 14546
Configure the "advertise-addr" argument to organizational standards., CC ID: 14544
Configure the "nftables" to organizational standards., CC ID: 15320
Configure the "iptables" to organizational standards., CC ID: 14463
Configure the "insecure registries" to organizational standards., CC ID: 14455
Configure the "MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards., CC ID: 07602
Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to organizational standards., CC ID: 07648
Configure the "net-host" argument to organizational standards., CC ID: 14529
Configure the "firewalld" to organizational standards., CC ID: 15321
Configure the "network bridge" to organizational standards., CC ID: 14501
Configure the "Windows Firewall: Domain: Firewall state" to organizational standards., CC ID: 07667
Configure the "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" to organizational standards., CC ID: 07680
Configure the "Windows Firewall: Public: Outbound connections" to organizational standards., CC ID: 07695
Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." to organizational standards, CC ID: 07703
Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" to organizational standards., CC ID: 07733
Configure the "publish" argument to organizational standards., CC ID: 14500
Configure the "Windows Firewall: Private: Inbound connections" to organizational standards., CC ID: 07747
Configure the "Windows Firewall: Private: Apply local firewall rules" to organizational standards., CC ID: 07777
Configure the "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" to organizational standards., CC ID: 07801
Configure the "Windows Firewall: Private: Firewall state" to organizational standards., CC ID: 07803
Configure the "Windows Firewall: Domain: Apply local connection security rules" to organizational standards., CC ID: 07805
Configure the "Windows Firewall: Domain: Apply local firewall rules" to organizational standards., CC ID: 07833
Configure the "Windows Firewall: Public: Display a notification" to organizational standards., CC ID: 07836
Configure the "Windows Firewall: Domain: Outbound connections" to organizational standards., CC ID: 07839
Configure the "Windows Firewall: Public: Apply local firewall rules" to organizational standards., CC ID: 07850
Configure the "Windows Firewall: Domain: Inbound connections" to organizational standards., CC ID: 07851
Configure the "Windows Firewall: Private: Outbound connections" to organizational standards., CC ID: 07858
Configure the "Windows Firewall: Public: Firewall state" to organizational standards., CC ID: 07861
Configure the "Windows Firewall: Domain: Display a notification" to organizational standards., CC ID: 07868
Configure the "Windows Firewall: Public: Inbound connections" to organizational standards., CC ID: 07872
Configure the "Windows Firewall: Public: Allow unicast response" to organizational standards., CC ID: 07873
Configure the "Windows Firewall: Private: Allow unicast response" to organizational standards., CC ID: 07885
Configure the "Windows Firewall: Public: Apply local connection security rules" to organizational standards., CC ID: 07890
Configure the "Windows Firewall: Domain: Allow unicast response" to organizational standards., CC ID: 07893
Configure the "Windows Firewall: Private: Apply local connection security rules" to organizational standards., CC ID: 07896
Configure the "Windows Firewall: Private: Display a notification" to organizational standards., CC ID: 07902
Configure the "Windows Firewall: Protect all network connections" to organizational standards., CC ID: 08161
Configure the "Windows Firewall: Allow inbound UPnP framework exceptions" to organizational standards., CC ID: 08170
Configure the "Windows Firewall: Allow local program exceptions" to organizational standards., CC ID: 08173
Configure the "Windows Firewall: Do not allow exceptions" to organizational standards., CC ID: 08184
Configure the "MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)" to organizational standards., CC ID: 08208
Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to organizational standards., CC ID: 08210
Configure the "Windows Firewall: Allow local port exceptions" to organizational standards., CC ID: 08214
Configure the "Windows Firewall: Define inbound port exceptions" to organizational standards., CC ID: 08215
Configure the "Windows Firewall: Prohibit unicast response to multicast or broadcast requests" to organizational standards., CC ID: 08217
Configure the "Windows Firewall: Prohibit notifications" to organizational standards., CC ID: 08249
Configure the "Windows Firewall: Allow inbound file and printer sharing exception" to organizational standards., CC ID: 08275
Configure the "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" to organizational standards., CC ID: 08279
Configure the "Windows Firewall: Define inbound program exceptions" to organizational standards., CC ID: 08282
Configure the "Windows Firewall: Allow ICMP exceptions" to organizational standards., CC ID: 08289
Configure the "Windows Firewall: Allow inbound Remote Desktop exceptions" to organizational standards., CC ID: 08295
Configure the "Allow unencrypted traffic" to organizational standards., CC ID: 08383
Configure the "Windows Firewall: Private: Logging: Log successful connections" to organizational standards., CC ID: 08466
Configure the "Windows Firewall: Public: Logging: Size limit (KB)" to organizational standards., CC ID: 08494
Configure the "Windows Firewall: Domain: Logging: Log successful connections" to organizational standards., CC ID: 08544
Configure the "Windows Firewall: Private: Logging: Name" to organizational standards., CC ID: 08595
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
If an unauthorized change is detected to the software, the device should alert the user and/or administrator to the issue and should not connect to wider networks than those necessary to perform the alerting function. (Provision 5.7-2, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
Wireless use control may be implemented in different devices that make up the system. Network devices may be one of the devices that assist with use control through controls such as network admission control. For devices and applications that utilize wireless networks those devices should be able to… (6.4.2 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)