Looking at a sample configuration, at:
Seems they are updating the outside access-list in order for the inside hosts to telnet, and ssh to outside. I was under impression that this update should be done on the inside interface. Is this new on ASA? because on pix it was done on the inside acl as of 7.0, and before you did not use to need any access update to go from inside to outside.
The access-list mentioned in that document is 'optional'. You can very well skip it (depending on your security policy).
By default all higher >> lower communication is allowed. However once you do make an access-list on the higher interface the implicit 'deny ip any any' at the end of the ACL kicks in. You have to design your ACL based on that rule. As you know, the same is true for 'all' interfaces on a router. By default all is allowed, but once you put an ACL.....the deny ip any any at the end comes into effect.
The document is just mentioning that ACL as a security best practice. The ACL for MPF is required tough (outside_mpc).
Please rate if helpful.