Network segments and servers with applications or content must allow access only to the necessary ports.
HIPAA Security Rules 164.312(e)(1): Transmission Security: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
NERC CIP-007-6. B. Requirements and measures. R1.1 Where technically feasible, enable only logical network accessible ports that have been determined to be needed by the Responsible Entity, including port ranges or services where needed to handle dynamic ports.
PCI DSS v3.2.1 - Requirement 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
PCI DSS v3.2.1 - Requirement 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.
PCI DSS v3.2.1 - Requirement 1.3.5 Permit only "established" connections into the network.
PCI DSS v3.2.1 - Requirement 2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system.