Essay / Security Controls Case Study - 754
The security configuration of these devices must be documented, reviewed and approved by an organizational change control committee. Any deviation from the standard configuration, and any update to the standard configuration itself, must be documented and approved through a change control system.

At network interconnection points, such as Internet gateways, inter-organization connections, and boundaries between internal segments with different security controls, implement ingress and egress filtering that allows only the ports and protocols with an explicit, documented business need. All other ports and protocols should be blocked by default-deny rules on firewalls, network-based IPS, and/or routers. Any new rule beyond the hardened base configuration that allows traffic to pass through a network security device (a firewall or network-based IPS, for example) must be recorded in a configuration management system, together with the specific business reason for the change, the name of the person responsible for that business need, and the expected duration of the need.

Network filtering technologies deployed between networks of different security levels (firewalls, network-based IPS tools, and routers with access control lists) should be capable of filtering Internet Protocol version 6 (IPv6) traffic as well as IPv4; otherwise IPv6 flows pass untouched through controls written only for IPv4. THE
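The filtering requirements above (default deny, documented exceptions with an owner and an expected duration, and IPv6 parity) can be enforced mechanically rather than by policy alone. The script below is an added example written for this essay, not code from the original page: it takes an allowlist in which every entry must carry a business reason, a responsible owner and an expiry date, rejects entries that are incomplete, expired or malformed, and renders the survivors as an nftables ruleset whose forward chain defaults to drop. The `inet` table family filters IPv4 and IPv6 in one ruleset, and the `ip`/`ip6` selectors are chosen from the address family of each entry. The `AllowRule` schema, the table name `edge`, the interface name `wan` and the sample allowlist are all assumptions made for illustration.

```python
"""Default-deny gateway ruleset generated from a documented allowlist.

Added example for this essay, not code from the original page. The AllowRule
schema, the table name "edge", the interface name "wan" and the sample data
are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network


@dataclass(frozen=True)
class AllowRule:
    """One documented exception to the default-deny policy."""
    direction: str   # "ingress" (from the Internet) or "egress" (to the Internet)
    proto: str       # "tcp" or "udp"
    port: int        # destination port
    src: str         # source CIDR (IPv4 or IPv6)
    dst: str         # destination CIDR, same IP version as src
    reason: str      # specific business reason (required)
    owner: str       # person responsible for the business need (required)
    expires: date    # expected end of the need


def validate(rule: AllowRule, today: date) -> list:
    """Return the reasons a rule must NOT be deployed (empty list = OK)."""
    errors = []
    if rule.direction not in ("ingress", "egress"):
        errors.append(f"unknown direction {rule.direction!r}")
    if rule.proto not in ("tcp", "udp"):
        errors.append(f"unsupported protocol {rule.proto!r}")
    if not 1 <= rule.port <= 65535:
        errors.append(f"port {rule.port} out of range")
    if not rule.reason.strip():
        errors.append("missing business reason")
    if not rule.owner.strip():
        errors.append("missing responsible owner")
    if rule.expires < today:
        errors.append(f"expired on {rule.expires.isoformat()}")
    try:
        # strict=True: host bits set in a prefix is a documentation error, not a rule
        src, dst = ip_network(rule.src), ip_network(rule.dst)
    except ValueError as exc:
        errors.append(f"bad CIDR: {exc}")
    else:
        if src.version != dst.version:
            errors.append("src and dst are different IP versions")
    return errors


def render_rule(rule: AllowRule) -> str:
    """Render one accept rule; the ip/ip6 selector follows the address family."""
    fam = "ip6" if ip_network(rule.src).version == 6 else "ip"
    iface = 'iifname "wan"' if rule.direction == "ingress" else 'oifname "wan"'
    # The nftables rule comment is stored with the rule, so owner and expiry
    # remain visible in the running ruleset (nft list ruleset).
    return (f'{iface} {fam} saddr {rule.src} {fam} daddr {rule.dst} '
            f'{rule.proto} dport {rule.port} accept '
            f'comment "{rule.owner} until {rule.expires.isoformat()}"')


def build_ruleset(rules, today: date):
    """Return (nft_text, rejected); rejected maps allowlist index -> errors."""
    accepted, rejected = [], {}
    for i, rule in enumerate(rules):
        errs = validate(rule, today)
        if errs:
            rejected[i] = errs
        else:
            accepted.append(rule)
    lines = [
        "table inet edge {",   # inet family: one table filters IPv4 and IPv6
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",  # default deny
        "        ct state established,related accept",
        "        ct state invalid drop",
    ]
    for rule in accepted:
        lines.append(f"        # {rule.reason}")
        lines.append("        " + render_rule(rule))
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n", rejected


SAMPLE_ALLOWLIST = [  # constructed sample data, not a real environment
    AllowRule("ingress", "tcp", 443, "0.0.0.0/0", "198.51.100.10/32",
              "public web portal", "alice", date(2026, 12, 31)),
    AllowRule("ingress", "tcp", 443, "::/0", "2001:db8:1::10/128",
              "public web portal (IPv6)", "alice", date(2026, 12, 31)),
    AllowRule("egress", "udp", 53, "10.0.0.0/8", "203.0.113.53/32",
              "", "bob", date(2026, 6, 30)),                      # no reason
    AllowRule("ingress", "tcp", 22, "203.0.113.0/24", "198.51.100.20/32",
              "vendor support window", "carol", date(2024, 1, 31)),  # expired
    AllowRule("egress", "tcp", 25, "10.0.0.0/8", "2001:db8::25/128",
              "mail relay", "dave", date(2026, 12, 31)),      # mixed families
]

if __name__ == "__main__":
    text, rejected = build_ruleset(SAMPLE_ALLOWLIST, date.today())
    for idx, errs in sorted(rejected.items()):
        print(f"# rejected entry {idx}: {'; '.join(errs)}")
    print(text)
```

Write the output to a file and syntax-check it with `nft -c -f edge.nft` before loading it; entries the script rejects never reach the device, so an expired exception has to be re-approved (with a new expiry) rather than silently staying open.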