3.4.7[o]

  • Determination Statement

    The use of nonessential services is restricted, disabled, or prevented as defined.

  • Requirement

    Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

  • Requirement Discussion

    Restricting the use of nonessential software (programs) includes restricting the roles allowed to approve program execution; prohibiting auto-execute; program blacklisting and whitelisting; or restricting the number of program instances executed at the same time. The organization makes a security-based determination which functions, ports, protocols, and/or services are restricted. Bluetooth, File Transfer Protocol (FTP), and peer-to-peer networking are examples of protocols organizations consider preventing the use of, restricting, or disabling.

More Info

  • Family

    Configuration Management
  • DoD Scoring Methodology Points

    5

  • Related NIST 800-171 ID

  • Related CMMC ID

  • Related NIST 800-53 ID

    CM-7(1);CM-7(2)

  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!