zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 16:32:15 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/cm-7.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

2.6 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

cm-7 - [catalog] Least Functionality

Control Statement

  • [a] Configure the system to provide only mission-essential capabilities ; and

  • [b] Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services.

Control guidance

Systems provide a wide variety of functions and services. Some of the functions and services routinely provided by default may not be necessary to support essential organizational missions, functions, or operations. Additionally, it is sometimes convenient to provide multiple services from a single system component, but doing so increases risk over limiting the services provided by that single component. Where feasible, organizations limit component functionality to a single function per component. Organizations consider removing unused or unnecessary software and disabling unused or unnecessary physical and logical ports and protocols to prevent unauthorized connection of components, transfer of information, and tunneling. Organizations employ network scanning tools, intrusion detection and prevention systems, and end-point protection technologies, such as firewalls and host-based intrusion detection systems, to identify and prevent the use of prohibited functions, protocols, ports, and services. Least functionality can also be achieved as part of the fundamental design and development of the system (see SA-8, SC-2 , and SC-3).

Control assessment-objective

the system is configured to provide only mission-essential capabilities; the use of functions is prohibited or restricted; the use of ports is prohibited or restricted; the use of protocols is prohibited or restricted; the use of software is prohibited or restricted; the use of services is prohibited or restricted.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item cm-7_smt.a

Implementation b.

Add control implementation description here for item cm-7_smt.b