implementation-status | control-origination |
---|---|
| |
cm-7.1 - [catalog] Periodic Review
Control Statement
- [a] Review the system at the organization-defined frequency to identify unnecessary and/or nonsecure functions, ports, protocols, software, and services; and
- [b] Disable or remove organization-defined functions, ports, protocols, software, and services within the system deemed to be unnecessary and/or nonsecure.
Control guidance
Organizations review functions, ports, protocols, and services provided by systems or system components to determine the functions and services that are candidates for elimination. Such reviews are especially important during transition periods from older technologies to newer technologies (e.g., transition from IPv4 to IPv6). These technology transitions may require implementing the older and newer technologies simultaneously during the transition period and returning to minimum essential functions, ports, protocols, and services at the earliest opportunity. Organizations can either decide the relative security of the function, port, protocol, and/or service or base the security decision on the assessment of other entities. Unsecure protocols include Bluetooth, FTP, and peer-to-peer networking.
Control assessment-objective
- The system is reviewed at the organization-defined frequency to identify unnecessary and/or non-secure functions, ports, protocols, software, and services.
- Functions deemed to be unnecessary and/or non-secure are disabled or removed.
- Ports deemed to be unnecessary and/or non-secure are disabled or removed.
- Protocols deemed to be unnecessary and/or non-secure are disabled or removed.
- Software deemed to be unnecessary and/or non-secure is disabled or removed.
- Services deemed to be unnecessary and/or non-secure are disabled or removed.
What is the solution and how is it implemented?
Implementation (a)
Add control implementation description here for item cm-7.1_smt.a
Implementation (b)
Add control implementation description here for item cm-7.1_smt.b