Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

cm-7(3)

least functionality  | registration compliance

assessment objective:

Determine if the organization:

cm-7(3)[1]

defines registration requirements for:

cm-7(3)[1][a]

functions;

cm-7(3)[1][b]

ports;

cm-7(3)[1][c]

protocols; and/or

cm-7(3)[1][d]

services;

cm-7(3)[2]

ensures compliance with organization-defined registration requirements for:

cm-7(3)[2][a]

functions;

cm-7(3)[2][b]

ports;

cm-7(3)[2][c]

protocols; and/or

cm-7(3)[2][d]

services.

potential assessment methods and objects:

Examine: [select from: Configuration management policy; procedures addressing least functionality in the information system; configuration management plan; security plan; information system configuration settings and associated documentation; audit and compliance reviews; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Organizational processes ensuring compliance with registration requirements for functions, ports, protocols, and/or services; automated mechanisms implementing compliance with registration requirements for functions, ports, protocols, and/or services].