💼 CM-7 LEAST FUNCTIONALITY

  • ID: /frameworks/nist-sp-800-53-r4/cm/07

Description

The organization: CM-7a. Configures the information system to provide only essential capabilities; and CM-7b. Prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined prohibited or restricted functions, ports, protocols, and/or services].

Similar

  • Internal
    • ID: dec-c-69a5caa2

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) 426 no data
💼 NIST CSF v1.1 → 💼 PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities 2130 no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 CM-7 (1) PERIODIC REVIEW 34 no data
💼 CM-7 (2) PREVENT PROGRAM EXECUTION no data
💼 CM-7 (3) REGISTRATION COMPLIANCE no data
💼 CM-7 (4) UNAUTHORIZED SOFTWARE _ BLACKLISTING no data
💼 CM-7 (5) AUTHORIZED SOFTWARE _ WHITELISTING no data

Policies (7)

Policy | Logic Count | Flags | Compliance
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic | 🟢1 | 🟢 x6 | no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins | 🟢1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports | 🟢1 | 🟢 x6 | no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports | 🟢1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket is not configured to block public access | 🟢1 | 🟢 x6 | no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests | 🟢1 | 🟢 x6 | no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled | 🟢1 | 🟢 x6 | no data

Internal Rules

Rule | Policies | Flags
✉️ dec-x-46a83a30 | 1 |
✉️ dec-x-791dab13 | 1 |
✉️ dec-x-4002ecfe | 1 |
✉️ dec-x-bcae85fb | 2 |
✉️ dec-x-d5fbfc40 | 1 |
✉️ dec-x-ec547a7c | 1 |