9.2: Ensure Only Approved Ports, Protocols, and Services Are Running
Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Devices |
Protect |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
List of authorized ports with validated business need
List of authorized protocols with validated business need
List of authorized services with validated business need
List of endpoints
Operations
- For each endpoint perform the following to build sets of information:
Scan for open ports
- For each open port
Test protocol running on that port
Enumerate installed services
Enumerate discovered ports
Enumerate discovered services
Determine set of unauthorized ports
Determine set of unauthorized services
Measures
M1 = Set of open ports
M2 = Set of unauthorized ports
M3 = Set of discovered services
M4 = Set of unauthorized services
M5 = Set of unexpected protocols discovered on open ports
Metrics
Ports
Metric |
Ratio of unauthorized ports to open ports
|
Calculation |
|
Services
Metric |
Ratio of unauthorized services to discovered services
|
Calculation |
|
Unexpected Protocols
Metric |
Ratio of unexpected protocols discovered on open ports to total number of open ports
|
Calculation |
|