I havent look for such a document but what I can tell you is the following?
ICMP is a protocol that let us troubleshoot or test whether IP routing is good on our network or if a host is live on our network so I can tell you that from that perspective this is definetly something good (Not to mention some of the other good usage that we can provide to this protocol such for PATH MTU Discovery, etc).
But you also have to be careful with this protocol as we all know it's also used to scan or discover hosts on our network.. Even to perform DoS attacks (Smurf attack, etc).
So what's the whole point of this post:
Well at least on my opinion I would allow ICMP on my network but I would definetly permit only the right ICMP code messages and I would protect my network against any known vulnerability regarding DoS attacks with ICMP, In this case I will still take advantage of the really useful protocol while protecting my enviroment,
As mentioned above, I'd allow only the specific ICMP types/code for troubleshooting. Echo, Echo Reply, Packet-Too-Big, etc. This way all others are blocked. I'd block ICMP fragments as well. You'd also want an IPS to block specific types of attacks.
For IPv4, IPv6 relies on ICMP for much more and you'll need to be much more careful.
Network Security Architectures is a pretty decent book for questions like this,
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...