Network segments, and servers that host applications or content, must allow access only to the ports that are necessary for their function.
CIS Controls. 9.2 Ensure Only Approved Ports, Protocols, and Services Are Running: Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
CIS Controls. 12.4 Deny Communication Over Unauthorized Ports: Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization’s network boundaries.
HIPAA Security Rules 164.312(e)(1): Transmission Security: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
NERC CIP-007-6. B. Requirements and measures. R1.1: Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity, including port ranges or services where needed to handle dynamic ports.
PCI DSS v3.2.1 - Requirement 1.3.1: Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
PCI DSS v3.2.1 - Requirement 1.3.2: Limit inbound Internet traffic to IP addresses within the DMZ.
PCI DSS v3.2.1 - Requirement 1.3.5: Permit only "established" connections into the network.
PCI DSS v3.2.1 - Requirement 2.2.2: Enable only necessary services, protocols, daemons, etc., as required for the function of the system.
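The requirement and the controls cited above come down to two checks a defender can automate: confirm that nothing is listening on a network-reachable port outside an approved list (CIS 9.2, NERC CIP-007-6 R1.1, PCI DSS 2.2.2), and enforce that list at the boundary with a default-deny rule set that only admits approved ports and established connections (CIS 12.4, PCI DSS 1.3.5). The example below is added here to illustrate both and is not part of the original requirement text. It assumes the column layout of `ss -ltnu` (Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port); the listener output and the approved-port list are constructed samples, and the rendered nftables fragment is a generic default-drop input chain, not a rule set taken from any standard.

```python
"""Compare network-exposed listeners against an approved port list and
render a default-deny nftables input chain from that list."""
from collections import namedtuple

# Constructed sample of `ss -ltnu` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:8080        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22             [::]:*
"""

# Constructed approved list: (protocol, port) pairs with a validated business need.
APPROVED = {("tcp", 22), ("tcp", 443), ("udp", 123)}

# Loopback listeners are not reachable from the network, so they are exempt.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

Listener = namedtuple("Listener", "proto addr port")


def parse_ss(output):
    """Parse `ss -ltnu`-style text into Listener records (header skipped)."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, _recvq, _sendq, local = fields[:5]
        if proto == "tcp" and state != "LISTEN":
            continue  # only listening TCP sockets are exposure
        addr, port = local.rsplit(":", 1)  # handles "[::]:22" and "0.0.0.0:22"
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def network_exposed(listener):
    """True when the socket is bound to something other than loopback."""
    return listener.addr not in LOOPBACK


def unapproved_ports(listeners, approved):
    """Sorted (proto, port) pairs that are network-exposed but not approved."""
    return sorted(
        {(l.proto, l.port) for l in listeners
         if network_exposed(l) and (l.proto, l.port) not in approved}
    )


def render_nft_input_chain(approved):
    """Render a default-drop nftables input chain admitting only approved
    ports plus established/related traffic and loopback."""
    tcp = sorted(p for proto, p in approved if proto == "tcp")
    udp = sorted(p for proto, p in approved if proto == "udp")
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    if tcp:
        lines.append(f"    tcp dport {{ {', '.join(map(str, tcp))} }} accept")
    if udp:
        lines.append(f"    udp dport {{ {', '.join(map(str, udp))} }} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_ss(SAMPLE_SS_OUTPUT)
    extra = unapproved_ports(found, APPROVED)
    if extra:
        print("Unapproved network-exposed listeners:")
        for proto, port in extra:
            print(f"  {proto}/{port}")
    else:
        print("All network-exposed listeners are approved.")
    print("\nGenerated nftables input chain:")
    print(render_nft_input_chain(APPROVED))
```

Run against the constructed sample, the audit flags tcp/8080 as unapproved while ignoring the PostgreSQL listener on 127.0.0.1:5432, which is not network-accessible; on a real host, replace `SAMPLE_SS_OUTPUT` with the captured output of `ss -ltnu` and keep `APPROVED` under change control so that the list itself is the record of validated business need.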