Skip to content
ATO Pathways
  Log In

CCI-001762

Disable or remove organization-defined functions, ports, protocols, software, and services within the system deemed to be unnecessary and/or nonsecure.

Logo
4

Rule

Severity: Medium
The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.
Logo
2

Rule

Severity: Medium
IDMS terminal and lines that are not secure must be disabled.
Logo
1

Rule

Severity: Medium
TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
Logo
1

Rule

Severity: Medium
Docker Enterprise network ports on all running containers must be limited to what is needed.
Logo
1

Rule

Severity: Medium
DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
3

Rule

Severity: Medium
All Web applications included with Apache Tomcat that are not required must be removed.
Logo
3

Rule

Severity: Medium
LockOutRealm must not be removed from Apache Tomcat.
Logo
2

Rule

Severity: Medium
The version number of Apache Tomcat must be removed from the CATALINA_HOME/lib/catalina.jar file.
Logo
3

Rule

Severity: Medium
Stack tracing must be disabled in Apache Tomcat.
Logo
2

Rule

Severity: Medium
The default mysql_secure_installation must be installed.
Logo
2

Rule

Severity: Medium
Azure SQL Database must only use approved firewall settings deemed by the organization to be secure, including denying public network access.
Logo
2

Rule

Severity: Medium
Azure SQL Database must only use approved firewall settings deemed by the organization to be secure, including denying azure services access to the server.
Logo
5

Rule

Severity: Medium
Exchange services must be documented and unnecessary services must be removed or disabled.
Logo
1

Rule

Severity: Medium
SQL Server must disable communication protocols not required for operation.
Logo
6

Rule

Severity: Medium
Firewall rules must be configured on the Tanium Server for Console-to-Server communications.
Logo
4

Rule

Severity: Medium
Firewall rules must be configured on the Tanium Server for Server-to-Database communications.
Logo
6

Rule

Severity: Medium
Firewall rules must be configured on the Tanium module server to allow Server-to-Module Server communications from the Tanium Server.
Logo
6

Rule

Severity: Medium
Firewall rules must be configured on the Tanium Server for Server-to-Module Server communications.
Logo
6

Rule

Severity: Medium
Firewall rules must be configured on the Tanium Server for Server-to-Zone Server communications.
Logo
2

Rule

Severity: Medium
Firewall rules must be configured on the Tanium Server for server-to-database communications.
Logo
2

Rule

Severity: Medium
The UEM server must disable organization-defined functions, ports, protocols, and services (within the application) deemed unnecessary and/or non-secure.
Logo
2

Rule

Severity: High
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
Logo
1

Rule

Severity: High
Product engineering access to the Hardware Management Console must be disabled.
Logo
2

Rule

Severity: Medium
PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
All non-essential, unnecessary, and unsecure DoD ports, protocols, and services must be disabled in the container platform.
Logo
3

Rule

Severity: Medium
The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
3

Rule

Severity: Medium
The DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
Use of the QUIC protocol must be disabled.
Logo
2

Rule

Severity: Medium
MarkLogic Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
Disable TLS RC4 cipher in .Net
Logo
4

Rule

Severity: Medium
Exchange services must be documented, and unnecessary services must be removed or disabled.
Logo
2

Rule

Severity: Medium
The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines.
Logo
2

Rule

Severity: Medium
The IIS 10.0 web server must not be running on a system providing any other role.
Logo
2

Rule

Severity: Medium
The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server.
Logo
2

Rule

Severity: Medium
SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
1

Rule

Severity: Medium
PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
Logo
2

Rule

Severity: Medium
The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
Redis Enterprise DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
2

Rule

Severity: Medium
Rancher RKE2 runtime must enforce ports, protocols, and services that adhere to the PPSM CAL.
Logo
2

Rule

Severity: High
The Solidcore client Command Line Interface (CLI) must be in lockdown mode.
Logo
1

Rule

Severity: Medium
Performance Charts must be configured with the appropriate ports.
Logo
1

Rule

Severity: Medium
ESX Agent Manager must be configured with the appropriate ports.
Logo
1

Rule

Severity: Medium
Lookup Service must be configured with the appropriate ports.
Logo
1

Rule

Severity: Medium
VMware Postgres must be configured to use the correct port.
Logo
1

Rule

Severity: Medium
The Security Token Service must be configured with the appropriate ports.
Logo
1

Rule

Severity: Medium
vSphere UI must be configured with the appropriate ports.
Logo
3

Rule

Severity: Medium
The vCenter PostgreSQL service must be configured to use an authorized port.
Logo
2

Rule

Severity: Medium
The web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.
Logo
6

Rule

Severity: High
Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP.
Logo
6

Rule

Severity: Medium
The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements.
Logo
6

Rule

Severity: Medium
WebSphere MQ dead letter and alias dead letter queues are not properly defined.
Logo
2

Rule

Severity: Medium
WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements.
Logo
4

Rule

Severity: Medium
WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements.
Logo
1

Rule

Severity: Medium
PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance.
Logo
1

Rule

Severity: Medium
The Syslog client must use TCP connections.
Logo
1

Rule

Severity: Medium
The network ports on all running containers must be limited to required ports.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules