CMMC 1.0 Practice CM.2.062 Requirement:

Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.

CMMC 1.0 CM.2.062 Requirement Explanation:

Removing non-mission-essential software, ports, and services from your systems reduces their attack surface.

Example CMMC 1.0 CM.2.062 Implementation:

Review the systems deployed at your company and remove non-essential software, ports, and services. Your systems should only have enough functionality to complete their mission.

CMMC 1.0 CM.2.062 Scenario(s):

- Scenario 1:

Alice, a system administrator, wants to ensure that her servers are configured in accordance with the principle of least functionality. She runs port scans against them and identifies several open ports that are non-essential. She closes the ports, thus reducing the servers' attack surface.

- Scenario 2:

Alice conducts an audit of her company's workstations and discovers that several users have installed video games on their computers. She uninstalls the games and any other non-essential software from the workstations.
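
The check in Scenario 1 can also be run on the server itself by comparing its listening sockets with an approved baseline. The following is an added example, not part of the original page: it parses `ss -tuln` output and reports every listener outside the baseline, noting whether it is bound to loopback only or reachable from the network. The sample output and the `APPROVED` baseline are constructed assumptions for a hypothetical web server.

```python
import ipaddress

# Constructed sample of `ss -tuln` output from a hypothetical web server.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      5      *:8080             *:*
"""

# Assumed baseline: the (protocol, port) pairs this server's mission requires.
APPROVED = {("tcp", 22), ("tcp", 443)}


def parse_listeners(ss_output):
    """Return sorted unique (proto, address, port) tuples from `ss -tuln` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")  # last colon, so IPv6 works
        addr = addr.strip("[]").split("%")[0]  # drop brackets and zone id
        if port.isdigit():
            listeners.add((fields[0], addr, int(port)))
    return sorted(listeners)


def is_loopback(addr):
    """True when the socket is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' wildcard binds are reachable from the network


def unapproved(ss_output, approved):
    """Listeners outside the baseline, as (proto, addr, port, exposure)."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if (proto, port) not in approved:
            exposure = "loopback" if is_loopback(addr) else "network"
            findings.append((proto, addr, port, exposure))
    return findings
```

Calling `unapproved()` with the real output of `ss -tuln` and a per-role baseline gives the list of listeners to review; a loopback-only finding still counts as non-essential functionality, but it is not exposed to other hosts.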
 
