DoD 8500 – DCPP-1 – Ports, Protocols, and Services

Overview

DoD information systems comply with DoD ports, protocols, and services guidance. AIS applications, outsourced IT-based processes and platform IT identify the network ports, protocols, and services they plan to use as early in the life cycle as possible and notify hosting enclaves. Enclaves register all active ports, protocols, and services in accordance with DoD and DoD Component guidance.

Threat

Open, undocumented, and unnecessary ports, protocols, and services increase the risk of data compromise and system unavailability. Adhering to DoD guidance minimizes the inherent risk associated with ports, protocols, and services.

Guidance

1. DoD information systems shall comply with DoD ports, protocols, and services guidance.
2. A port, protocol, or service that does not explicitly support a business function shall be disabled or removed.
3. A list of ports, protocols, and services shall be documented and regularly updated and maintained through the CCB.
4. Organizations shall identify the network ports, protocols, and services they plan to use within AIS applications, outsourced IT-based processes and platform IT as early in the life cycle as possible and notify hosting enclaves.
5. Enclaves shall register all active ports, protocols, and services in accordance with DoD and DoD Component guidance.
6. Components shall monitor emerging threats and vulnerabilities to the ports, protocols, and services they use.

DoD classifies this control in the subject area of “Security Design and Configuration” with an impact of “Medium”.

Updated on July 16, 2022