NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-7(19) Block Communication from Non-organizationally Configured Hosts

Block inbound and outbound communications traffic between {{ insert: param, sc-07.19_odp }} that are independently configured by end users and external service providers.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Communication clients independently configured by end users and external service providers include instant messaging clients and video conferencing software and applications. Traffic blocking does not apply to communication clients that are configured by organizations to perform authorized functions.

Practitioner Notes

Block network traffic from internal hosts that have not been configured according to your organization's standards. If a device is not properly managed, it should not be allowed to communicate.

Example 1: Use 802.1X with Microsoft NPS (Network Policy Server) to check device health before granting network access. Machines that lack current antivirus definitions, are missing patches, or are not domain-joined get placed on a remediation VLAN with limited access.

Example 2: Deploy Microsoft Intune compliance policies for all endpoints. Devices that do not meet compliance requirements (encryption enabled, firewall on, up-to-date OS) are automatically blocked from accessing corporate resources through Conditional Access policies.
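The posture checks in the two examples above (domain membership, antivirus definition age, missing patches, disk encryption, firewall state, OS build) can be expressed as an explicit policy evaluation. The following is an added illustration, not NIST text and not the behaviour of NPS or Intune; the `DevicePosture` record, the `Policy` thresholds and the VLAN names are assumptions constructed for this example. Hosts that pass every check are admitted to the corporate network; hosts that fail any check are placed on a remediation segment that can only reach the servers needed to become compliant, mirroring the limited-access remediation VLAN of Example 1.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Hypothetical posture record: constructed for this example, not an NPS or Intune schema.
@dataclass
class DevicePosture:
    hostname: str
    domain_joined: bool
    av_definitions_date: Optional[date]   # None means no antivirus product is reporting
    missing_critical_patches: int
    disk_encrypted: bool
    firewall_enabled: bool
    os_build: str                         # dotted build string, e.g. "10.0.22631"

# Assumed organizational thresholds; adjust to local standards.
@dataclass
class Policy:
    max_av_definition_age_days: int = 3
    min_os_build: str = "10.0.22000"

# Assumed segment names used by the decision function.
CORPORATE_VLAN = "corporate-vlan"
REMEDIATION_VLAN = "remediation-vlan"

# Assumed destinations reachable from the remediation segment: only what a host
# needs to fix the failures below (patching, AV updates, identity/management).
REMEDIATION_ALLOWED_DESTINATIONS = {
    "patch-server.example.internal:443",
    "av-updates.example.internal:443",
    "mdm.example.internal:443",
}


def os_build_tuple(build: str) -> Tuple[int, ...]:
    """Turn '10.0.22631' into (10, 0, 22631) so builds compare numerically."""
    return tuple(int(part) for part in build.split("."))


def posture_failures(device: DevicePosture, policy: Policy, today: date) -> List[str]:
    """Return the list of checks the host fails; empty list means compliant."""
    failures: List[str] = []
    if not device.domain_joined:
        failures.append("not-domain-joined")
    if (device.av_definitions_date is None
            or (today - device.av_definitions_date).days > policy.max_av_definition_age_days):
        failures.append("stale-av-definitions")
    if device.missing_critical_patches > 0:
        failures.append("missing-patches")
    if not device.disk_encrypted:
        failures.append("disk-not-encrypted")
    if not device.firewall_enabled:
        failures.append("firewall-disabled")
    if os_build_tuple(device.os_build) < os_build_tuple(policy.min_os_build):
        failures.append("os-build-below-minimum")
    return failures


def network_decision(device: DevicePosture, policy: Policy, today: date) -> Tuple[str, List[str]]:
    """Assign a network segment from the posture result (Example 1 logic)."""
    failures = posture_failures(device, policy, today)
    if failures:
        return REMEDIATION_VLAN, failures
    return CORPORATE_VLAN, []


def allowed_destinations(segment: str) -> Optional[set]:
    """Destinations a host on the given segment may reach; None means unrestricted."""
    if segment == REMEDIATION_VLAN:
        return set(REMEDIATION_ALLOWED_DESTINATIONS)
    return None


def evaluate_inventory(devices: List[DevicePosture], policy: Policy, today: date) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every host and map hostname to (segment, failures)."""
    return {d.hostname: network_decision(d, policy, today) for d in devices}


# Constructed sample inventory for a run on 2024-06-10.
SAMPLE_DATE = date(2024, 6, 10)
SAMPLE_DEVICES = [
    DevicePosture("ws-001", True, date(2024, 6, 9), 0, True, True, "10.0.22631"),
    DevicePosture("ws-002", True, date(2024, 5, 20), 0, True, True, "10.0.22631"),
    DevicePosture("byod-laptop", False, None, 0, False, True, "10.0.22631"),
    DevicePosture("ws-003", True, date(2024, 6, 10), 2, True, False, "10.0.19045"),
]

if __name__ == "__main__":
    for host, (segment, failures) in evaluate_inventory(SAMPLE_DEVICES, Policy(), SAMPLE_DATE).items():
        print(f"{host:12s} -> {segment:16s} {', '.join(failures) or 'compliant'}")
```

The decision is deliberately all-or-nothing: a single failed check removes the host from the corporate segment, and the remediation segment's reachable destinations are an explicit allow-list rather than "everything except corporate resources". That matches the control's intent of blocking both inbound and outbound traffic for hosts the organization has not configured, while still giving managed hosts a path back to compliance.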