Navigate

CCI-001761

CCI-001761 Definition

The organization defines the functions, ports, protocols, and services within the information system that are to be disabled when deemed unnecessary and/or nonsecure.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed must define and document in the system security plan, the functions, ports, protocols and services within the information system that are to be disabled when deemed unnecessary. DoD has determined that it is not appropriate to define unnecessary functions, ports, protocols and service at the Enterprise level. Nonsecure functions, ports, protocols and services are defined in DoDI 8551.01.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the system security plan to ensure the organization being inspected/assessed defines the functions, ports, protocols and services within the information system that are to be disabled when deemed unnecessary. DoD has determined that it is not appropriate to define unnecessary functions, ports, protocols and service at the Enterprise level. Nonsecure functions, ports, protocols and services are defined in DoDI 8551.01.

Compelling Evidence

1.) Disapproved ports, protocols, and/or services list

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001761.

Control	Description
CM-7 (1)	The organization: CM-7 (1)(a): Reviews the information system [Assignment: organization-defined frequency] to identify unnecessary and/or nonsecure functions, ports, protocols, and services; and CM-7 (1)(b): Disables [Assignment: organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure].