💼 CM-7 LEAST FUNCTIONALITY

• Contextual name: 💼 CM-7 LEAST FUNCTIONALITY
• ID: /frameworks/nist-sp-800-53-r4/cm/07
• Located in: 💼 CM CONFIGURATION MANAGEMENT

Description

The organization: CM-7a. Configures the information system to provide only essential capabilities; and CM-7b. Prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined prohibited or restricted functions, ports, protocols, and/or services].

Similar

• Internal
  • ID: dec-c-69a5caa2

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)		4	26
💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities		21	30

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CM-7 (1) PERIODIC REVIEW		3	4
💼 CM-7 (2) PREVENT PROGRAM EXECUTION
💼 CM-7 (3) REGISTRATION COMPLIANCE
💼 CM-7 (4) UNAUTHORIZED SOFTWARE _ BLACKLISTING
💼 CM-7 (5) AUTHORIZED SOFTWARE _ WHITELISTING

Policies (7)

Policy	Logic Count	Flags
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS S3 Bucket is not configured to block public access 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 Azure Cosmos DB Account Virtual Network Filter is not enabled 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-46a83a30	1
✉️ dec-x-791dab13	1
✉️ dec-x-4002ecfe	1
✉️ dec-x-bcae85fb	2
✉️ dec-x-d5fbfc40	1
✉️ dec-x-ec547a7c	1