CFG-03.1 ยท Periodic Review

Control Description

Mechanisms exist to periodically review system configurations to identify and disable unnecessary and/or non-secure functions, ports, protocols and services.

Control Question
Assessment question for control validation

Does the organization periodically review system configurations to identify and disable unnecessary and/or non-secure functions, ports, protocols and services?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Detect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: CFG-03.1
ESP Level 2: CFG-03.1
ESP Level 3: CFG-03.1
Additional Metadata
Applicability (Process):
x