[PCI DSS 3.0] 2.2.5 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file sys

2.2.5 Remove all unnecessary
functionality, such as scripts, drivers,
features, subsystems, file systems, and
unnecessary web servers.

2.2.5.a Select a sample of system components and inspect
the configurations to verify that all unnecessary functionality
(for example, scripts, drivers, features, subsystems, file
systems, etc.) is removed.

2.2.5.b. Examine the documentation and security parameters
to verify enabled functions are documented and support
secure configuration.

2.2.5.c. Examine the documentation and security parameters
to verify that only documented functionality is present on the
sampled system components.

Unnecessary functions can provide additional
opportunities for malicious individuals to gain
access to a system. By removing unnecessary
functionality, organizations can focus on securing
the functions that are required and reduce the risk
that unknown functions will be exploited.

Including this in server-hardening standards and
processes addresses the specific security
implications associated with unnecessary
functions (for example, by removing/disabling FTP
or the web server if the server will not be
performing those functions).
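
As an added illustration of the 2.2.5.b and 2.2.5.c checks (not part of the PCI DSS text), the Python below compares the services enabled on a sampled host against that host's documented baseline. The `systemctl` output, the unit names, and the CSV baseline layout are constructed sample data and an assumed documentation format.

```python
import csv
import io

# Constructed sample of: systemctl list-unit-files --type=service --state=enabled --no-legend
SAMPLE_ENABLED = """\
sshd.service        enabled enabled
postgresql.service  enabled disabled
auditd.service      enabled enabled
vsftpd.service      enabled disabled
httpd.service       enabled disabled
"""

# Constructed hardening-standard extract (assumed CSV layout: unit,justification)
SAMPLE_BASELINE = """\
unit,justification
sshd.service,Administrative access over SSH
postgresql.service,Primary function: database server
auditd.service,
chronyd.service,Time synchronization
"""

def parse_enabled(text):
    """Return the set of unit names whose state column reads 'enabled'."""
    units = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "enabled":
            units.add(fields[0])
    return units

def parse_baseline(text):
    """Return {unit: justification} from the documented baseline."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["unit"].strip(): (r["justification"] or "").strip()
            for r in rows if r["unit"].strip()}

def audit(enabled, baseline):
    documented = set(baseline)
    return {
        # 2.2.5.c: present on the component but absent from the documentation
        "undocumented": sorted(enabled - documented),
        # 2.2.5.b: enabled and listed, but with no documented reason
        "unjustified": sorted(u for u in enabled & documented if not baseline[u]),
        # Documentation drift: listed in the baseline but not enabled
        "stale": sorted(documented - enabled),
    }

if __name__ == "__main__":
    print(audit(parse_enabled(SAMPLE_ENABLED), parse_baseline(SAMPLE_BASELINE)))
```

On the sample data, the FTP and web server units are reported as undocumented, which is the case the guidance above calls out for removal or disabling.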