800-53|CM-7

Title

LEAST FUNCTIONALITY

Description

The organization:

Supplemental

Information systems can provide a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). Additionally, it is sometimes convenient to provide multiple services from single information system components, but doing so increases risk over limiting the services provided by any one component. Where feasible, organizations limit component functionality to a single function per device (e.g., email servers or web servers, but not both). Organizations review functions and services provided by information systems or individual components of information systems, to determine which functions and services are candidates for elimination (e.g., Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing). Organizations consider disabling unused or unnecessary physical and logical ports/protocols (e.g., Universal Serial Bus, File Transfer Protocol, and Hyper Text Transfer Protocol) on information systems to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling. Organizations can utilize network scanning tools, intrusion detection and prevention systems, and end-point protections such as firewalls and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.

Reference Item Details

Related: AC-6,CM-2,RA-5,SA-5,SC-7

Category: CONFIGURATION MANAGEMENT

Family: CONFIGURATION MANAGEMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 (L1) Ensure 'Allow Cortana Above Lock' is set to 'Block'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
1.1 (L1) Ensure 'Allow Cortana Above Lock' is set to 'Block'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2012 Database L1 AWS RDS v1.6.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2014 Database L1 AWS RDS v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2012 Database L1 DB v1.6.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2014 Database L1 DB v1.5.0
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledMS_SQLDBCIS SQL Server 2008 R2 DB Engine L1 v1.7.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 13 OS v1.2.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 16 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 15 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 12 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositoriesUnixCIS PostgreSQL 14 OS v 1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 5 L1 DB v1.2.0
1.1 Ensure the appropriate MongoDB software version/patches are installedWindowsCIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedUnixCIS MongoDB 7 v1.1.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedUnixCIS MongoDB 6 v1.2.0 L1 MongoDB
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.4 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 4 L1 DB v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedMongoDBCIS MongoDB 3.2 Database Audit L1 v1.0.0
1.1 Ensure the appropriate MongoDB software version/patches are installedWindowsCIS MongoDB 7 v1.1.0 L1 MongoDB
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is InstalledOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
1.1 Ensure the Pre-Installation Planning Checklist Has Been ImplementedUnixCIS Apache HTTP Server 2.4 L1 v2.1.0
1.1 Ensure the Pre-Installation Planning Checklist Has Been ImplementedUnixCIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
1.1 Remove extraneous files and directoriesUnixCIS Apache Tomcat 10.1 v1.0.0 L2
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examplesUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examplesUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/docsUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/docsUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/host-managerUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/host-managerUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/managerUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/managerUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - /webapps/ROOTUnixCIS Apache Tomcat 10 L2 v1.1.0 Middleware
1.1 Remove extraneous files and directories - /webapps/ROOTUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docsUnixCIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docsUnixCIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examplesUnixCIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examplesUnixCIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-managerUnixCIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-managerUnixCIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/managerUnixCIS Apache Tomcat 10 L2 v1.1.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/managerUnixCIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOTUnixCIS Apache Tomcat 9 L2 v1.2.0
1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOTUnixCIS Apache Tomcat 10 L2 v1.1.0
1.1.1.1 Ensure cramfs kernel module is not availableUnixCIS Debian Linux 12 v1.1.0 L1 Workstation
1.1.1.1 Ensure cramfs kernel module is not availableUnixCIS Debian Linux 11 v2.0.0 L1 Server