Safeguard 4.8: Uninstall or Disable Unnecessary Services on Enterprise Assets and Software

Implementation Groups: IG2, IG3

Asset Type: Devices
Security Function: Protect

Description

Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in a non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures
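As an added example (not part of the CIS safeguard text), the following POSIX shell audit implements the "identify" half of steps 1 and 2 on a Linux host: it compares the services a host is running against an approved baseline for the host's role and emits the disable commands for an administrator to review. The service listing and the allowlist are constructed sample data, and the baseline names are hypothetical.

```shell
#!/bin/sh
# Audit running services against an approved per-role baseline.
# SAMPLE_UNITS is CONSTRUCTED to resemble the output of
#   systemctl list-units --type=service --state=running --no-legend
# (columns: UNIT LOAD ACTIVE SUB DESCRIPTION). On a real host, replace it
# with that command's output.
SAMPLE_UNITS='sshd.service     loaded active running OpenSSH server daemon
vsftpd.service   loaded active running vsftpd FTP server
apache2.service  loaded active running The Apache HTTP Server
cron.service     loaded active running Regular background program processing daemon
cups.service     loaded active running CUPS Scheduler
rsyslog.service  loaded active running System Logging Service'

# Hypothetical baseline for a workstation role: only these services are
# required for the asset's intended function. Anything else is a candidate
# for removal under Safeguard 4.8.
ALLOWLIST='sshd.service cron.service rsyslog.service'

# find_unapproved UNITS ALLOWLIST
# Prints, one per line, each running unit that is not in the allowlist.
find_unapproved() {
    units="$1"
    allow="$2"
    printf '%s\n' "$units" | while IFS= read -r line; do
        unit=${line%% *}                 # first column is the unit name
        case " $allow " in
            *" $unit "*) ;;              # approved for this role, keep it
            *) printf '%s\n' "$unit" ;;  # not in baseline, report it
        esac
    done
}

# plan_disable UNITS ALLOWLIST
# Prints the systemctl commands that would stop and disable each unapproved
# unit. Output is a review artifact, not executed here; it also serves as
# the kind of export the evidence requirements ask for.
plan_disable() {
    find_unapproved "$1" "$2" | while IFS= read -r unit; do
        printf 'systemctl disable --now %s\n' "$unit"
    done
}

plan_disable "$SAMPLE_UNITS" "$ALLOWLIST"
```

Run it once per asset role with that role's allowlist; the unapproved list is what step 3 should exercise in the non-production environment before any unit is actually disabled.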

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Exploitation of Unnecessary Services
Impact: Integrity

Attackers exploit vulnerabilities in services that are running but not needed for business operations, such as unused web servers, FTP services, or remote desktop on workstations.

Attack Surface Expansion via Unused Application Modules
Impact: Confidentiality

Unnecessary application modules and service functions provide additional code paths for attackers to exploit, even though the organization never uses the functionality.

Vulnerabilities (When Safeguard Absent)

Excessive Running Services on Enterprise Assets

Systems run unnecessary services and application modules out of the box, dramatically expanding the attack surface beyond what is required for their intended function.

No Attack Surface Reduction Process

Without a process to identify and disable unnecessary services, each system accumulates exploitable services that increase risk without providing business value.

Evidence Requirements

Type       Evidence Item                                                             Collection Frequency
Technical  Configuration screenshots or exports showing protection controls enabled  Captured quarterly
Document   Procedure documentation for protection measures                           Reviewed annually
Document   Governing policy document (current, approved, communicated)               Reviewed annually