Topic > Security Controls Case Study - 754

The security configuration of such devices must be documented, reviewed, and approved by an organization's change control committee. Any deviations from the standard configuration or updates to the standard configuration must be documented and approved in a change control system. At network interconnection points, such as Internet gateways, inter-organizational connections, and internal network segments with varying security controls, implement ingress and egress filters to allow only ports and protocols with an explicit, documented business need. All other ports and protocols must be blocked with predefined denial rules by firewalls, network-based IPS and/or routers. All new configuration rules beyond a basic hardened configuration that allow traffic to flow through network security devices, such as firewalls and network-based IPSs, should be documented and logged in a configuration management system, with a business rationale specific to each change, the name of the specific person responsible for the business need, and the expected duration of the need. Network filtering technologies employed across networks with different security levels (firewalls, network-based IPS tools, and routers with access control lists) should be implemented with capabilities to filter Internet Protocol version 6 (IPv6) traffic. THE
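The documentation and default-deny requirements above can be checked mechanically against a rule export. The following is an added example, not part of the original case study: the record layout, field names, and sample rules are constructed assumptions standing in for whatever a configuration management system actually exports.

```python
from datetime import date

# Constructed sample export, listed in evaluation order. Field names and
# values are assumptions, not a real product's format.
RULES = [
    {"id": "R1", "family": "ipv4", "action": "allow", "proto": "tcp", "port": 443,
     "rationale": "Public web storefront", "owner": "alice", "expires": "2031-01-01"},
    {"id": "R2", "family": "ipv4", "action": "allow", "proto": "tcp", "port": 3389,
     "rationale": "", "owner": "", "expires": None},
    {"id": "R3", "family": "ipv4", "action": "allow", "proto": "tcp", "port": 22,
     "rationale": "Vendor migration support", "owner": "bob", "expires": "2020-06-30"},
    {"id": "R4", "family": "ipv4", "action": "deny", "proto": "any", "port": None},
    {"id": "R5", "family": "ipv6", "action": "allow", "proto": "tcp", "port": 443,
     "rationale": "Public web storefront", "owner": "alice", "expires": "2031-01-01"},
]

# Each allow rule needs a business rationale, a named owner and an end date.
REQUIRED = ("rationale", "owner", "expires")


def audit_rules(rules, today):
    """Return (rule_id, finding) pairs for rules that break the documented policy."""
    findings = []
    last_by_family = {}
    for rule in rules:
        last_by_family[rule["family"]] = rule  # remember the final rule per family
        if rule["action"] != "allow":
            continue
        missing = [f for f in REQUIRED if not rule.get(f)]
        if missing:
            findings.append((rule["id"], "undocumented: missing " + ", ".join(missing)))
        elif date.fromisoformat(rule["expires"]) < today:
            findings.append((rule["id"], "expired " + rule["expires"]))
    # Every address family, IPv6 included, must end in an explicit deny-all.
    for family in ("ipv4", "ipv6"):
        last = last_by_family.get(family)
        if last is None:
            findings.append((family, "no rules: traffic is unfiltered"))
        elif not (last["action"] == "deny" and last["proto"] == "any"):
            findings.append((family, "no final deny-all rule"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(RULES, date(2025, 1, 1)):
        print(rule_id, finding)
```

On the sample data the audit flags the undocumented rule, the rule whose stated need has lapsed, and the IPv6 rule set that has an allow rule but no closing deny.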