Skip to main content

πŸ’Ό CM-7 Least Functionality (L)(M)(H)

  • Contextual name: πŸ’Ό CM-7 Least Functionality (L)(M)(H)
  • ID: /frameworks/fedramp-low-security-controls/cm/07
  • Located in: πŸ’Ό Configuration Management

Description​

a. Configure the system to provide only [Assignment: organization-defined mission essential capabilities]; and

b. Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: [Assignment: organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services].

CM-7 Additional FedRAMP Requirements and Guidance:

(b) Requirement: The service provider shall use Security guidelines (See CM-6) to establish list of prohibited or restricted functions, ports, protocols, and/or services or establishes its own list of prohibited or restricted functions, ports, protocols, and/or services if STIGs or CIS is not available.

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/cm/07
    • /frameworks/fedramp-high-security-controls/cm/07
  • Internal
    • ID: dec-c-ff33d573

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό CM-7 Least Functionality (L)(M)(H)31821
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CM-7 Least Functionality911

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (18)​

PolicyLogic CountFlags
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted CIFS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted FTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted RPC traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted SMTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MySQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted Telnet traffic 🟒1🟒 x6
πŸ“ AWS RDS Instance Auto Minor Version Upgrade is not enabled 🟠🟒1🟠 x1, 🟒 x6
πŸ“ AWS VPC Network ACL exposes admin ports to public internet ports 🟒1🟒 x6
πŸ“ Azure App Service does not run the latest Java version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest PHP version 🟒🟒 x3
πŸ“ Azure App Service does not run the latest Python version 🟒🟒 x3
πŸ“ Azure Network Security Group allows unrestricted RDP access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted SSH access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted UDP access from the Internet 🟒1🟒 x6