800-53|CM-7

Title

LEAST FUNCTIONALITY

Description

The organization:

Supplemental

Information systems can provide a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). Additionally, it is sometimes convenient to provide multiple services from single information system components, but doing so increases risk over limiting the services provided by any one component. Where feasible, organizations limit component functionality to a single function per device (e.g., email servers or web servers, but not both). Organizations review functions and services provided by information systems or individual components of information systems, to determine which functions and services are candidates for elimination (e.g., Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing). Organizations consider disabling unused or unnecessary physical and logical ports/protocols (e.g., Universal Serial Bus, File Transfer Protocol, and Hyper Text Transfer Protocol) on information systems to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling. Organizations can utilize network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-6,CM-2,RA-5,SA-5,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2012 Database L1 DB v1.6.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2008 R2 DB Engine L1 v1.7.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2014 Database L1 DB v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2014 Database L1 AWS RDS v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed	MS_SQLDB	CIS SQL Server 2012 Database L1 AWS RDS v1.6.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 13 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 14 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 12 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 16 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 15 OS v1.1.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 3.2 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 3.4 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 4 L1 DB v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 6 L1 DB v1.1.0
1.1 Ensure the appropriate MongoDB software version/patches are installed	MongoDB	CIS MongoDB 7 L1 DB v1.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 12c DB Traditional Auditing v3.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 18c DB Traditional Auditing v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 18c DB Unified Auditing v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed	OracleDB	CIS Oracle Server 12c DB Unified Auditing v3.0.0
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examples	Unix	CIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examples	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/docs	Unix	CIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/docs	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/host-manager	Unix	CIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/host-manager	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/manager	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/manager	Unix	CIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/ROOT	Unix	CIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/ROOT	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs	Unix	CIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs	Unix	CIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examples	Unix	CIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examples	Unix	CIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-manager	Unix	CIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-manager	Unix	CIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/manager	Unix	CIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/manager	Unix	CIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT	Unix	CIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT	Unix	CIS Apache Tomcat 10 L2 v1.1.0
1.1.1 Ensure Security Defaults is enabled on Azure Active Directory	microsoft_azure	CIS Microsoft Azure Foundations v2.0.0 L1
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS Oracle Linux 7 v4.0.0 L1 Workstation
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS CentOS Linux 7 v4.0.0 L1 Workstation
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS Red Hat EL8 Workstation L1 v3.0.0
1.1.1.1 Ensure cramfs kernel module is not available	Unix	CIS AlmaLinux OS 8 Workstation L1 v3.0.0

Detections

Analytics