CMMC 1.0 Practice CM.2.062 Requirement:

Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.

CMMC 1.0 CM.2.062 Requirement Explanation:

By removing non-mission essential software, ports, and services from your system you are reducing their attack surface.

Example CMMC 1.0 CM.2.062 Implementation:

Review the systems deployed at your company and remove non-essential software, ports, and services. Your systems should only have enough functionality to complete their mission.

CMMC 1.0 CM.2.062 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to ensure that her servers are configured in accordance with the prinicpal of least functionality. She runs port scans against them and identifies several open ports that are non-essential. She closes the ports thus reducing their attack surface.

- Scenario 2:

Alice conducts an audit of her company's workstations and discovers that several users have installed video games on their computers. She uninstalls the games and any other non-essential software from the workstations.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.