NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-7(17) Automated Enforcement of Protocol Formats

Enforce adherence to protocol formats.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

System components that enforce protocol formats include deep packet inspection firewalls and XML gateways. The components verify adherence to protocol formats and specifications at the application layer and identify vulnerabilities that cannot be detected by devices operating at the network or transport layers.

Practitioner Notes

Your boundary devices should automatically enforce protocol compliance — rejecting malformed packets, invalid protocol sequences, or unexpected data formats before they reach internal systems.

Example 1: Enable protocol validation on your next-gen firewall. Palo Alto's App-ID, for example, decodes application protocols and blocks traffic that claims to be HTTP but contains non-HTTP data (like tunneled traffic or command-and-control communications).

Example 2: Deploy a WAF (ModSecurity, AWS WAF) in front of your web applications that validates HTTP requests against RFC standards. Malformed requests, oversized headers, or unusual encoding are automatically blocked before reaching the application server.
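The checks named in Example 2 (malformed requests, oversized headers, unusual encoding), sketched as an added example that is not part of NIST 800-53 or of any product's code. The function names and size limits are assumptions chosen for illustration; the parser covers only the HTTP/1.x request head.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed policy limits for this sketch, not values from any product or RFC.
MAX_HEADER_LINE = 8192
MAX_HEADERS = 100

REQUEST_LINE = re.compile(rb"([A-Z]+) ([\x21-\x7e]+) HTTP/1\.[01]")
FIELD_NAME = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 9110 token
BAD_PERCENT = re.compile(rb"%(?![0-9A-Fa-f]{2})")


def check_target(target: bytes) -> list[str]:
    """Flag encodings in the request target that a strict gateway would reject."""
    if BAD_PERCENT.search(target):
        return ["invalid percent-encoding"]
    try:
        # Overlong UTF-8 forms such as C0 AF fail strict decoding here.
        text = unquote_to_bytes(target).decode("utf-8")
    except UnicodeDecodeError:
        return ["target is not valid UTF-8 after decoding"]
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return ["control character in decoded target"]
    return []


def validate_request_head(raw: bytes) -> list[str]:
    """Return protocol-format violations; an empty list means forward the request."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["head not terminated by CRLF CRLF"]
    request_line, *fields = head.split(b"\r\n")
    problems = []
    m = REQUEST_LINE.fullmatch(request_line)
    if m is None:
        problems.append("malformed request line")
    else:
        problems += check_target(m.group(2))
    if len(fields) > MAX_HEADERS:
        problems.append("too many header fields")
    for line in fields:
        name, colon, value = line.partition(b":")
        if len(line) > MAX_HEADER_LINE:
            problems.append("oversized header field")
        elif not colon or not FIELD_NAME.fullmatch(name):
            problems.append("malformed header field")
        elif b"\r" in value or b"\n" in value or b"\x00" in value:
            problems.append("bare CR, LF or NUL in header value")
    return problems
```

A boundary device applying this policy would drop or reset any connection for which the returned list is non-empty and log the violations for review.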