CCI-003272

Require the developer of the system, system component, or system service to reduce attack surfaces to organization-defined thresholds.