CCI-001762
CCI-001762 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if: - [CM-07(01)_ODP[02]; functions to be disabled or removed when deemed unnecessary or non-secure are defined] deemed to be unnecessary and/or non-secure are disabled or removed. - [CM-07(01)_ODP[03]; ports to be disabled or removed when deemed unnecessary or non-secure are defined] deemed to be unnecessary and/or non-secure are disabled or removed. - [CM-07(01)_ODP[04]; protocols to be disabled or removed when deemed unnecessary or non-secure are defined] deemed to be unnecessary and/or non-secure are disabled or removed. - [CM-07(01)_ODP[05]; software to be disabled or removed when deemed unnecessary or non-secure is defined] deemed to be unnecessary and/or non-secure is disabled or removed. - [CM-07(01)_ODP[06]; services to be disabled or removed when deemed unnecessary or non-secure are defined] deemed to be unnecessary and/or non-secure are disabled or removed.
Validation Procedures
Examine: [SELECT FROM: Configuration management policy; procedures addressing least functionality in the system; configuration management plan; system design documentation; system configuration settings and associated documentation; common secure configuration checklists; documented reviews of functions, ports, protocols, and/or services; change control records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for reviewing functions, ports, protocols, and services on the system; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Organizational processes for reviewing or disabling functions, ports, protocols, and services on the system; mechanisms implementing review and disabling of functions, ports, protocols, and/or services].