💼 [EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

• Contextual name: 💼 [EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389

• ID: /frameworks/aws-fsbp-v1.0.0/ec2/21

• Located in: 💼 Elastic Compute Cloud (EC2)

Description

Access to remote server administration ports, such as port 22 (SSH) and port 3389 (RDP), should not be publicly accessible, as this may allow unintended access to resources within your VPC.

Similar

• AWS Security Hub
  • https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-21
• Internal
  • ID: dec-c-5c49db5a

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows		37	46
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			21
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		25
💼 NIST SP 800-53 Revision 5 → 💼 CM-2(2) Baseline Configuration _ Automation Support for Accuracy and Currency			15
💼 NIST SP 800-53 Revision 5 → 💼 CM-7 Least Functionality	9		23
💼 NIST SP 800-53 Revision 5 → 💼 SC-7 Boundary Protection	29	4	50
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(5) Boundary Protection _ Deny by Default — Allow by Exception		4	18
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(21) Boundary Protection _ Isolation of System Components			22
💼 PCI DSS v4.0.1 → 💼 1.3.1 Inbound traffic to the CDE is restricted.			35

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS VPC Network ACL exposes admin ports to public internet ports 🟢	1	🟢 x6