DoD Instruction 8551.01 – Ports, Protocols, and Services Management (PPSM)
3.4 3.4.7 Configuration Management
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/855101p.pdf
DoD Instruction 8551.01 Ports, Protocols, and Services Management (PPSM) standardizes procedures to catalog, regulate, and control the use and management of protocols in the Internet protocol suite, and associated ports (also known as protocols, data services, and associated ports or ports, protocols, and services); also referred to as PPS on DoD information networks (DODIN) including the connected information systems, platform information technology (IT) systems, platform IT (PIT), and products based on the potential that unregulated PPSM can damage DoD operations and interests and applies to all PPS used throughout planned, newly developed, acquired, and existing DODIN (whether used internal or external to the enclave), which include DoD Information Technology (IT).
Environmental Protection Agency – Configuration Management Procedures
3.4 3.4.7 Configuration Management
https://www.epa.gov/system/files/documents/2022-09/configuration_management_procedure.pdf
The purpose of this procedure is to facilitate the implementation of security control requirements for the Configuration Management control family, as identified in NIST SP 800-53.
Georgetown University – Restricted List of Ports, Protocols, and/or Services
3.4 3.4.7 Configuration Management
https://security.georgetown.edu/config-mgt-policy/least-functionality-guidelines/restricted_ports/#
This link provides a list of ports, protocols, and/or services that Georgetown University blocks in support of their least functionality guideline.
https://helpdeskgeek.com/networking/determine-open-and-blocked-ports/
This link provides the definition of a network port and shows the reader how to find open and closed ports.
netwrix – Handling Open Ports Secure and Finding Vulnerabilities
3.4 3.4.7 Configuration Management
https://blog.netwrix.com/2022/08/16/open-network-ports/
This article from netwrix outlines open ports, discusses the risks of open ports, which open ports are safe, and ways to find open ports in your network. They also share tips for ensuring port security.
NIST SP 800-53: CM-7 Least Functionality
3.4 3.4.7 3.4.8
https://nvd.nist.gov/800-53/Rev4/control/CM-7
NIST resource that defines requirements for configuring information systems to provide only essential capabilities such as restricting / blacklisting software.
