MID-083: Network Firewall/Access Control List
Mitigation Tier: Foundational
Description
If a device has routing capabilities, the device should have a firewall and access control list (ACL) present to prevent unintended network connections from being made and maintained. Firewalls and ACLs, when properly configured, can be used to drop packets and block undesired data flows.
Note: Any change to these firewall and ACL rules should be logged for future audits (MID-017 - Security-relevant Auditing and Logging) and authenticated to prevent threat actor tampering (MID-018 - Require Authentication for Privileged Functions).
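As an added illustration (not part of the EMB3D entry), the following Python model shows the behaviour this mitigation asks of a routing-capable device: an ordered, first-match ACL over forwarded traffic with an implicit default deny, whose rule changes are refused when unauthenticated and recorded for audit as the note above requires. The addresses, port and principal names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR, e.g. "10.0.1.0/24"
    dst: str                     # destination CIDR
    proto: str                   # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

class Acl:
    """Ordered, first-match ACL for forwarded packets; unmatched flows are dropped."""
    def __init__(self):
        self.rules = []
        self.audit_log = []

    def decide(self, src, dst, proto, dport=None):
        for rule in self.rules:
            if rule.matches(src, dst, proto, dport):
                return rule.action
        return "deny"  # implicit default deny: unintended flows never pass

    def change(self, principal, authenticated, op, rule):
        # MID-018: only an authenticated principal may alter the ruleset.
        # MID-017: every attempt, accepted or refused, is written to the audit log.
        if not authenticated:
            self.audit_log.append(f"REJECTED {op} by {principal}: not authenticated")
            return False
        if op == "add":
            self.rules.append(rule)
        elif op == "remove":
            self.rules.remove(rule)
        else:
            raise ValueError(f"unknown operation {op!r}")
        self.audit_log.append(f"{op.upper()} by {principal}: {rule}")
        return True

def build_example():
    """Constructed sample policy: one workstation may reach one PLC's Modbus/TCP port (502)."""
    acl = Acl()
    acl.change("admin", True, "add", Rule("permit", "10.0.1.10/32", "10.0.2.5/32", "tcp", 502))
    return acl
```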
IEC 62443-4-2 Mappings
- CR 5.1 – Network segmentation