Content library
CyberFundamentals (Belgium)
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.

Requirement description

The organization shall configure the business-critical systems to provide only essential
capabilities.
Guidance
Consider applying the principle of least functionality to access systems and assets (see also PR.AC-4).

The organization shall disable defined functions, ports, protocols, and services within its critical systems that it deems unnecessary.

The organization shall implement technical safeguards to enforce a deny-all, permit-byexception policy to only allow the execution of authorized software programs.

How to fill the requirement

CyberFundamentals (Belgium)

PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.

Task name
Priority
Status
Theme
Policy
Other requirements
Ensuring system hardening
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
10
requirements

Examples of other requirements this task affects

I08: Järjestelmäkovennus
Katakri
TEK-10: Järjestelmäkovennus
Julkri
TEK-10.2: Järjestelmäkovennus - kovennusten varmistaminen koko elinkaaren ajan
Julkri
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
CyberFundamentals
2.3.3: Deactivate unnecessary functionality
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Ensuring system hardening
1. Task description

Systems here mean servers, workstations, active network devices (firewalls, routers, switches, wireless base stations, etc.) and the like. Hardening, on the other hand, means changing the system's settings in such a way that the system's vulnerability area can be reduced.

Organization has defined operating processes through which:

  • Only essential features, devices and services (in terms of usage and data processing requirements) are put into use. Redundancies are also removed at the BIOS level.
  • There is a procedure in which systems are systematically installed so that the end result is a hardened installation.
  • A hardened installation contains only such components and services, and users and processes rights that are necessary to meet operational requirements and ensure security.
  • Software such as operating systems, applications, and firmware are set to collect the necessary log information to detect abuse.
  • Starting the data system from an unknown (other than defined as primary) is blocked from the device.
  • Software (e.g. firmware, applications) is kept up-to-date.
  • Connections to the target, including management connections, are limited, hardened, user-identified and time-limited (session timeout).< /li>
The principle of least functionality in systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Data system management
4
requirements

Examples of other requirements this task affects

PR.PT-3: Principle of least functionality
NIST
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
CyberFundamentals
2.3.3: Deactivate unnecessary functionality
NSM ICT-SP
2.2.2: Design the ICT system using ICT products which integrate well
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
The principle of least functionality in systems
1. Task description

The organization utilizes the principle of least functionality in deploying and configuring systems. Systems must not have rights to anything that is not needed to accomplish what they are intended for.

Automatic blocking and detecting of unauthorized software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
17
requirements

Examples of other requirements this task affects

12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
DE.CM-5: Unauthorized mobile code detection
NIST
8.7: Protection against malware
ISO 27001
5.2.3: Malware protection
TISAX
See all related requirements and other information from tasks own page.
Go to >
Automatic blocking and detecting of unauthorized software
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.