Content library
CyberFundamentals (Belgium)
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.

How to fill the requirement

CyberFundamentals (Belgium)

PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.

Task name
Priority
Status
Theme
Policy
Other requirements
The principle of least functionality in systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Data system management
requirements

Task is fulfilling also these other security requirements

PR.PT-3: Principle of least functionality
NIST
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
CyFun
1. Task description

The organization utilizes the principle of least functionality in deploying and configuring systems. Systems must not have rights to anything that is not needed to accomplish what they are intended for.

Ensuring system hardening
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Network security
requirements

Task is fulfilling also these other security requirements

I08: Järjestelmäkovennus
Katakri
TEK-10: Järjestelmäkovennus
Julkri
TEK-10.2: Järjestelmäkovennus - kovennusten varmistaminen koko elinkaaren ajan
Julkri
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
CyFun
1. Task description

Systems here mean servers, workstations, active network devices (firewalls, routers, switches, wireless base stations, etc.) and the like. Hardening, on the other hand, means changing the system's settings in such a way that the system's vulnerability area can be reduced.

Organization has defined operating processes through which:

  • Only essential features, devices and services (in terms of usage and data processing requirements) are put into use. Redundancies are also removed at the BIOS level.
  • There is a procedure in which systems are systematically installed so that the end result is a hardened installation.
  • A hardened installation contains only such components and services, and users and processes rights that are necessary to meet operational requirements and ensure security.
  • Software such as operating systems, applications, and firmware are set to collect the necessary log information to detect abuse.
  • Starting the data system from an unknown (other than defined as primary) is blocked from the device.
  • Software (e.g. firmware, applications) is kept up-to-date.
  • Connections to the target, including management connections, are limited, hardened, user-identified and time-limited (session timeout).< /li>
Automatic blocking and detecting of unauthorized software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
requirements

Task is fulfilling also these other security requirements

12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full
DE.CM-5: Unauthorized mobile code detection
NIST
8.7: Protection against malware
ISO27k1 Full
5.2.3: Malware protection
TISAX
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.

No items found.