Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.

Modify your systems to remove non-essential applications, disable unnecessary services, and close unused ports. Systems come with many unnecessary applications and settings enabled by default including unused ports and protocols. Leave only the fewest capabilities necessary for the systems to operate effectively. By removing non-mission essential software, ports, and services from your devices you are reducing their attack surface.

Review the systems deployed at your company and remove non-essential software, ports, and services. Your systems should only have enough functionality to complete their mission. Review all your computers and servers for unnecessary software and uninstall them. Unnecessary software is software that does not have a business need. Scan your server's ports using the Nmap software to identify open ports. Close/disable any non-essential ports and services identified in the scan.