---
names:
  full: AWS VPC Network ACL exposes admin ports to public internet
  contextual: Network ACL exposes admin ports to public internet
description: >-
  The Network Access Control List (NACL) feature provides stateless filtering
  of ingress and egress network traffic to AWS resources. It is recommended that
  no NACL allows unrestricted ingress access to remote server administration
  ports, such as SSH on port 22 and RDP on port 3389, using either the TCP (6),
  UDP (17) or ALL (-1) protocols.
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cis-aws-v6.0.0/06/02"
  - "/frameworks/cloudaware/resource-security/network-exposure"
  - "/frameworks/aws-fsbp-v1.0.0/ec2/21"
similarPolicies:
  cloudConformity:
    - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/VPC/acl-inbound-access-on-admin-ports.html
      name: Unrestricted Inbound Traffic on Remote Server Administration Ports
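The following is an added example of how the condition described above can be evaluated offline; it is not part of this policy page or of any vendor's scanner. It assumes ACL records shaped like the response of boto3's `EC2.Client.describe_network_acls()` (`NetworkAclId`, `Entries[]` with `RuleNumber`, `Protocol`, `RuleAction`, `Egress`, `CidrBlock` or `Ipv6CidrBlock`, and `PortRange` for TCP/UDP); the sample ACLs embedded below are constructed, not captured from an account. Because NACL entries are evaluated in ascending rule-number order and the first match wins, the check is first-match aware: a lower-numbered world-wide deny for the same port, protocol and address family shadows a later allow, which a naive "any allow entry" scan would still report.

```python
"""Detect VPC Network ACL ingress rules that expose SSH (22) or RDP (3389) to
0.0.0.0/0 or ::/0 over TCP (6), UDP (17) or ALL (-1).

Added example, not part of the policy page. Assumption: the ACL dictionaries
mirror the shape of boto3's EC2.Client.describe_network_acls() response.
"""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
PROTOCOLS = (("6", "tcp"), ("17", "udp"))  # an ALL (-1) entry matches both
WORLD = (("CidrBlock", "0.0.0.0/0"), ("Ipv6CidrBlock", "::/0"))


def _covers_port(entry, port):
    """ALL (-1) entries carry no PortRange and match every port."""
    if entry["Protocol"] == "-1":
        return True
    pr = entry.get("PortRange")
    return bool(pr) and pr["From"] <= port <= pr["To"]


def exposed_admin_ports(acl):
    """Return a finding for every (admin port, address family, protocol) whose
    first matching world-wide ingress entry is an allow.

    NACLs are stateless and evaluated in ascending RuleNumber order; the first
    entry matching a packet decides, so a lower-numbered world-wide deny
    shadows a later allow for the same port, protocol and address family.
    """
    ingress = sorted((e for e in acl["Entries"] if not e["Egress"]),
                     key=lambda e: e["RuleNumber"])
    findings = []
    for port, service in ADMIN_PORTS.items():
        for cidr_key, any_cidr in WORLD:
            for proto_num, proto_name in PROTOCOLS:
                for entry in ingress:
                    if (entry.get(cidr_key) != any_cidr
                            or entry["Protocol"] not in ("-1", proto_num)
                            or not _covers_port(entry, port)):
                        continue  # narrower CIDRs never shadow a world-wide allow
                    if entry["RuleAction"] == "allow":
                        findings.append({
                            "acl": acl["NetworkAclId"], "rule": entry["RuleNumber"],
                            "service": service, "port": port,
                            "protocol": proto_name, "cidr": any_cidr,
                        })
                    break  # first matching entry decides for this tuple
    return findings


def audit(acls):
    """Flatten findings across a list of ACL records."""
    return [f for acl in acls for f in exposed_admin_ports(acl)]


def _entry(rule, proto, action, cidr, ports=None, egress=False):
    """Build one NACL entry in describe_network_acls() shape (sample data helper)."""
    e = {"RuleNumber": rule, "Protocol": proto, "RuleAction": action, "Egress": egress}
    e["Ipv6CidrBlock" if ":" in cidr else "CidrBlock"] = cidr
    if ports:
        e["PortRange"] = {"From": ports[0], "To": ports[1]}
    return e


# Constructed sample ACLs (hypothetical IDs); 32767/32768 are the default denies.
SAMPLE_ACLS = [
    {"NetworkAclId": "acl-0bad", "Entries": [
        _entry(100, "6", "allow", "0.0.0.0/0", (22, 22)),       # SSH open to world
        _entry(110, "17", "allow", "0.0.0.0/0", (3000, 4000)),  # range covers UDP 3389
        _entry(100, "-1", "allow", "0.0.0.0/0", egress=True),
        _entry(32767, "-1", "deny", "0.0.0.0/0"),
        _entry(32767, "-1", "deny", "0.0.0.0/0", egress=True),
    ]},
    {"NetworkAclId": "acl-0shadow", "Entries": [
        _entry(90, "6", "deny", "0.0.0.0/0", (22, 22)),    # shadows rule 100 below
        _entry(100, "6", "allow", "0.0.0.0/0", (22, 22)),
        _entry(110, "6", "allow", "0.0.0.0/0", (443, 443)),
        _entry(32767, "-1", "deny", "0.0.0.0/0"),
    ]},
    {"NetworkAclId": "acl-0v6", "Entries": [
        _entry(100, "-1", "allow", "::/0"),                # everything open over IPv6
        _entry(32767, "-1", "deny", "0.0.0.0/0"),
        _entry(32768, "-1", "deny", "::/0"),
    ]},
    {"NetworkAclId": "acl-0priv", "Entries": [
        _entry(100, "6", "allow", "10.0.0.0/8", (22, 22)),  # not world-reachable
        _entry(32767, "-1", "deny", "0.0.0.0/0"),
    ]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ACLS):
        print(f"{f['acl']} rule {f['rule']}: {f['service']} "
              f"{f['protocol']}/{f['port']} open to {f['cidr']}")
```

Note that the CIS wording targets the existence of an unrestricted allow entry, so a scanner that follows it literally would also report the shadowed rule 100 in `acl-0shadow`; the first-match logic here reports only rules that are actually reachable, which is the question an incident responder or red teamer usually cares about. Egress entries are ignored on purpose, since the control concerns inbound access only.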