CMMC 1.0 Practice CM.2.062 Requirement:
Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
CMMC 1.0 CM.2.062 Requirement Explanation:
By removing non-mission essential software, ports, and services from your system you are reducing their attack surface.
Example CMMC 1.0 CM.2.062 Implementation:
Review the systems deployed at your company and remove non-essential software, ports, and services. Your systems should only have enough functionality to complete their mission.
CMMC 1.0 CM.2.062 Scenario(s):
- Scenario 1:
Alice, a system administrator wants to ensure that her servers are configured in accordance with the prinicpal of least functionality. She runs port scans against them and identifies several open ports that are non-essential. She closes the ports thus reducing their attack surface.
- Scenario 2:
Alice conducts an audit of her company's workstations and discovers that several users have installed video games on their computers. She uninstalls the games and any other non-essential software from the workstations.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.