800-53|CM-7

Title

LEAST FUNCTIONALITY

Description

The organization:

Supplemental

Information systems can provide a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). Additionally, it is sometimes convenient to provide multiple services from single information system components, but doing so increases risk over limiting the services provided by any one component. Where feasible, organizations limit component functionality to a single function per device (e.g., email servers or web servers, but not both). Organizations review functions and services provided by information systems or individual components of information systems, to determine which functions and services are candidates for elimination (e.g., Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing). Organizations consider disabling unused or unnecessary physical and logical ports/protocols (e.g., Universal Serial Bus, File Transfer Protocol, and Hyper Text Transfer Protocol) on information systems to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling. Organizations can utilize network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.

Reference Item Details

Related: AC-6,CM-2,RA-5,SA-5,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.4 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.2 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 4 L1 DB v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Red Hat EL8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklistUnixCIS Oracle Linux 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat EL8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Rocky Linux 8 Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS 7 v3.1.2 Workstation L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat EL7 Server L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat EL7 Workstation L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 7 Workstation L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 7 Server L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Amazon Linux 2 v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS 7 v3.1.2 Server L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat EL7 Workstation L1 v3.1.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Amazon Linux 2 v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Rocky Linux 8 Server L1 v1.0.0