A deny-all and allow-by-exception firewall policy _MUST_ be employed for managing connections to other systems. Organizations _MUST_ ensure the built-in packet filter firewall is configured correctly to employ the default deny rule. Failure to restrict network connectivity to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate the exfiltration of data. If you are using a third-party firewall solution, this setting does not apply.