NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 3.0 Security Architecture

Principle of least functionality

A system should only run services, have open ports, and include software necessary for its role. Minimize attack surface by removing everything else.

How this shows up at NCAE

If the scoring engine only checks 7 ports, only those 7 should be listening. `apt-get remove` what you don't need. `systemctl disable` anything else. Turns a huge attack surface into a small one.