
Periodic Review CM-7(1)

Overview:
The organization:
(a) Reviews the information system [Assignment: organization-defined frequency] to identify unnecessary and/or nonsecure functions, ports, protocols, and services; and
(b) Disables [Assignment: organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure].


Supplemental Guidance:
The organization can either make a determination of the relative security of the function, port, protocol, and/or service or base the security decision on the assessment of other entities. Bluetooth, FTP, and peer-to-peer networking are examples of less than secure protocols.


Related controls: AC-18, CM-7, IA-2.


Action Items:
1) Review system components and services regularly for insecure or unnecessary items

2) Disable or remove any items found

 

Related Documents:
1) Secure Systems Configuration Policy

2) Vulnerability Management Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
CM-7 (1) (a) [at least monthly]


Moderate Additional FedRAMP Requirements and Guidance
none