NIST 800-171 R-3.13.6
Deny by Default at Boundaries
Official citation: 3.13.6
Class: core · Severity: high
Statement of the obligation — verify against source
3.13.6
What it means
Configure boundary protections to deny network traffic by default and allow it only by exception (deny all, permit by exception). Starting from "block everything" and explicitly permitting only what's needed minimizes your exposure.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.