9.2: Ensure Only Approved Ports, Protocols, and Services Are Running
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
The next version of the control set incorporates all or part of this control into: 4.4: Implement and Manage a Firewall on Servers, 4.5: Implement and Manage a Firewall on End-User Devices, 4.8: Uninstall or Disable Unnecessary Services on Enterprise Assets and Software.
Control Statement
Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]