| 1. DoD information systems shall comply with DoD ports, protocols, and services guidance. |
2. A port, protocol, or service that does not explicitly support a business function shall be disabled or removed.
3. A list of ports, protocols, and services shall be documented and regularly updated and maintained through the CCB.
4. Organizations shall identify the network ports, protocols, and services they plan to use within AIS applications, outsourced IT-based processes and platform IT as early in the life cycle as possible and notify hosting enclaves.
5. Enclaves shall register all active ports, protocols, and services in accordance with DoD and DoD Component guidance.
6. Components shall monitor emerging threats and vulnerabilities to the ports, protocols, and services they use.