HOME

CM-7 (1)

CM-7 (1) H M
Description

The organization:
(a) Reviews the information system [Assignment: organization-defined frequency] to identify unnecessary and/or nonsecure functions, ports, protocols, and services; and
(b) Disables [Assignment: organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure].

FedRAMP
  • H CM-7 (1) (a) [at least monthly]
  • M CM-7 (1) (a) [at least monthly]
DISA Cloud Computing SRG

a. every 30 days;
b. Not appropriate to define unnecessary functions, ports, protocols and service at the Enterprise level. Nonsecure functions, ports, protocols and services are defined in DoDI 8551.01.

Source:
DoD RMF TAG

Supplemental Guidance

The organization can either make a determination of the relative security of the function, port, protocol, and/or service or base the security decision on the assessment of other entities. Bluetooth, FTP, and peer-to-peer networking are examples of less than secure protocols.

Related Controls
AC-18 CM-7 IA-2