NOREA
Network Security
Implement controls to prevent and detect unauthorized network connections. Establish and maintain a secure configuration baseline for all network components, following vendor instructions, industry standards, and best practices. Ensure Confidentiality, Integrity, and Availability (CIA) of data during network transmission. Prevent and detect data leakage, and secure data transfer with external parties. Implement measures to secure network traffic between internal networks and the internet/external connections. Apply encryption for all communication protocols over corporate, public, domestic, third-party, and wireless networks, based on data classification and risk assessments.
Regularly review roles and responsibilities for defining, implementing, approving, changing, and reviewing firewall rules and connection filters.
Financial entities shall perform the review of firewall rules and connections filters on a regular basis according to the classification and overall risk profile of ICT systems involved. For the ICT systems supporting critical or important functions, the financial entities shall verify the adequacy of the existing firewall rules and connection filters at least every six months.