<img src="/assets/images/blog/2026/4/how-to-configure-deny-all-permit-by-exception-in-aws-for-nist-sp-800-171-rev2-cmmc-20-level-2-control-scl2-3136-practical-vpc-and-security-group-rules.jpg" alt="How to Configure "Deny All, Permit by Exception" in AWS for NIST SP 800-171 REV.2 / CMMC 2.0 Level 2 - Control - SC.L2-3.13.6: Practical VPC and Security Group Rules" loading="lazy" width="800" height="450">
NIST 800-171 · CMMC L2
·Apr 2026
SC.L2-3.13.6: Configure \"Deny All, Permit by Exception\" in AWS
Step-by-step guidance for implementing a 'deny all, permit by exception' network posture in AWS to satisfy NIST SP 800-171 Rev.2 / CMMC 2.0 L2 Control SC.L2-3.13.6 using VPC design, Security Groups, NACLs, and automation.
<a href="/how-to-configure-deny-all-permit-by-exception-in-aws-for-nist-sp-800-171-rev2-cmmc-20-level-2-control-scl2-3136-practical-vpc-and-security-group-rules" class="link-cover" aria-label="SC.L2-3.13.6: Configure \"Deny All, Permit by Exception\" in AWS"></a>