Unneeded programs, ports, protocols, and services are disabled.
What it actually means
The concrete side of least functionality: identify the programs, ports, protocols, and services you actually need, and restrict or disable everything else — host firewalls, disabled services, blocked protocols.
Pass or fail — an assessor needs a "yes" to each
- Nonessential ports/protocols/services are disabled or blocked.
- Host and network firewalls permit only the traffic that is needed.
- A list of permitted ports/services exists.
What to have ready
- Host firewall rules + disabled-service list
- Permitted ports/services baseline
- Network ACLs
Where teams trip up
- Open ports nobody can account for
- Legacy protocols (SMBv1, Telnet) still enabled
- No firewall on endpoints
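One way to check a host against its permitted-ports list and catch the first two trip-ups above, as an added example that is not part of the original page. The baseline entries and the `ss -H -tuln` sample output are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: the "list of permitted ports/services" for one host.
PERMITTED = {
    ("tcp", 22): "sshd, admin access",
    ("tcp", 443): "nginx, HTTPS",
    ("udp", 123): "chronyd, NTP",
    ("tcp", 3306): "mysqld",
}
# Legacy cleartext protocol named on the page; flagged even if baselined.
LEGACY = {("tcp", 23): "Telnet"}

# Constructed sample of `ss -H -tuln` output (no header, numeric, listeners).
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 50 *:8080 *:*
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
"""

def parse_listeners(ss_text):
    """Yield (proto, port, address) for each listening socket line."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        yield fields[0], int(port), addr

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" wildcard bind is not an IP literal
        return False

def audit(ss_text, permitted=PERMITTED, legacy=LEGACY):
    """Return findings: legacy listeners, unaccounted ports, stale baseline."""
    findings, seen = [], set()
    for proto, port, addr in parse_listeners(ss_text):
        key = (proto, port)
        seen.add(key)
        if key in legacy:
            findings.append((proto, port, addr, "legacy protocol: " + legacy[key]))
        elif key not in permitted:
            scope = "loopback only" if is_loopback(addr) else "network reachable"
            findings.append((proto, port, addr, "not in baseline, " + scope))
    for proto, port in sorted(set(permitted) - seen):
        findings.append((proto, port, "-", "in baseline but not listening"))
    return findings
```

A port scan cannot tell SMBv1 from later SMB dialects, so that check still has to be made in the host's SMB configuration.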