The configuration line denies a specific Modbus function code, which is a command-level filter for industrial protocols.
This type of control is typical of an application firewall (D) designed to understand and filter industrial control system protocols at the application layer.
A network firewall (A) typically filters traffic based on IP addresses, ports, and protocols, but not protocol function codes.
NIDS (B) detects and alerts on suspicious traffic but does not usually enforce blocking rules.
SIEM (C) collects and analyzes logs, not real-time blocking.
GICSP emphasizes the role of application-layer firewalls in protecting ICS protocols like Modbus.
[Reference:, , GICSP Official Study Guide, Domain: ICS Security Architecture & Design, , NIST SP 800-82 Rev 2, Section 5.5 (Application Layer Security), , GICSP Training on ICS Protocol Security Controls]
Submit