Configure the system to provide only {{ insert: param, cm-07_odp.01 }} ; and Prohibit or restrict the use of the following functions, ports, protocols, software, and/or services: {{ insert: param, cm-7_prm_2 }}.

Review the system {{ insert: param, cm-07.01_odp.01 }} to identify unnecessary and/or nonsecure functions, ports, protocols, software, and services; and Disable or remove {{ insert: param, cm-7.1_prm_2 }}.

Prevent program execution in accordance with {{ insert: param, cm-07.02_odp.01 }}.

Ensure compliance with {{ insert: param, cm-07.03_odp }}.

Identify {{ insert: param, cm-07.04_odp.01 }}; Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system; and Review and update the list of unauthorized software programs {{ insert: param, cm-07.04_odp.02 }}.

Identify {{ insert: param, cm-07.05_odp.01 }}; Employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system; and Review and update the list of authorized software programs {{ insert: param, cm-07.05_odp.02 }}.

Require that the following user-installed software execute in a confined physical or virtual machine environment with limited privileges: {{ insert: param, cm-07.06_odp }}.

Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of {{ insert: param, cm-07.07_odp }} when such code is: Obtained from sources with limited or no warranty; and/or Without the provision of source code.

Prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code; and Allow exceptions only for compelling mission or operational requirements and with the approval of the authorizing official.

Identify {{ insert: param, cm-07.09_odp.01 }}; Prohibit the use or connection of unauthorized hardware components; Review and update the list of authorized hardware components {{ insert: param, cm-07.09_odp.02 }}.