Details

If the protocol is not required, it is recommended that the drivers not be installed to reduce the potential attack surface.

Solution

Edit or create the file /etc/modprobe.d/CIS.conf and add the following line: install dccp /bin/true

Supportive Information

The following resource is also helpful.

• https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7
• CSCv6|9.1

Source

• Tenable.com/audits