CMMC Practice RM.4.151: Perform scans for unauthorized ports available across perimeter network boundaries over the organization’s Internet network boundaries and other organizationally defined boundaries.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Organizations need to perform actions to validate the implementation of the enterprise security architecture that restricts connections at trusted network boundaries. Mature organizations design, implement, document their security mechanisms, and they perform actions that help identify whether or not the security mechanisms are in place and working as expected. Even the best security practitioners have been known to make a slight mistake on a configuration of a security mechanism and find out later that the component is not providing the protection necessary to keep the environment secure.