DCPP-1 Ports, Protocols, and Services


Overview

DoD information systems comply with DoD ports, protocols, and services guidance. AIS applications, outsourced IT-based processes and platform IT identify the network ports, protocols, and services they plan to use as early in the life cycle as possible and notify hosting enclaves. Enclaves register all active ports, protocols, and services in accordance with DoD and DoD Component guidance.

MAC / CONF: MACI, MACII, MACIII
Impact: Medium
Subject Area: Security Design and Configuration

Details

Threat
Open, undocumented, and unnecessary ports, protocols, and services increase the risk of data compromise and system unavailability. Adhering to DoD guidance minimizes the inherent risk associated with ports, protocols, and services.

Guidance
1. DoD information systems shall comply with DoD ports, protocols, and services guidance.
2. A port, protocol, or service that does not explicitly support a business function shall be disabled or removed.
3. A list of ports, protocols, and services shall be documented and regularly updated and maintained through the CCB.
4. Organizations shall identify the network ports, protocols, and services they plan to use within AIS applications, outsourced IT-based processes and platform IT as early in the life cycle as possible and notify hosting enclaves.
5. Enclaves shall register all active ports, protocols, and services in accordance with DoD and DoD Component guidance.
6. Components shall monitor emerging threats and vulnerabilities to the ports, protocols, and services they use.

References

  • JTF-GNO PNP Update Message, 14 March 2003
  • ASD/C3I Memorandum DoD Ports, Protocols and Services, 28 January 2003
  • DoD Ports, Protocols and Services Security Technical Guidance, 05 November 2005
  • Firewall Guidance Message, September 2002
  • DoDI 8551.1, Ports, Protocols, and Services Management (PPSM), 13 August 2004
  • http://iase.disa.mil/ports/index.html
  • DoDD O-8530.1, Computer Network Defense (CND), 08 January 2001