GRCWatch
Sign inStart free trial

CIS Control 4.8: Uninstall or Disable Unnecessary Services

Every unnecessary service running on your enterprise assets is a potential entry point for attackers. CIS Control 4.8 requires you to systematically identify and remove unused services like file sharing modules, web applications, and service functions. This control directly reduces your attack surface and strengthens your security posture.

What this means

CIS 4.8 focuses on inventory and deactivation of services that aren't required for business operations. This includes removing unused software modules, disabling unnecessary network services, and eliminating dormant applications that consume resources and create security gaps. The control applies across all enterprise assets—servers, workstations, and software—to ensure only essential services remain active.

How to comply

  1. 1.Inventory all services running on enterprise assets using automated asset discovery tools
  2. 2.Document the business purpose for each service and identify those with no active use
  3. 3.Create a baseline of approved and necessary services per asset type
  4. 4.Disable or uninstall unused services across workstations, servers, and software applications
  5. 5.Test configurations after disabling services to ensure no dependency breaks
  6. 6.Maintain an approved services list and review quarterly for changes
  7. 7.Implement automated controls to prevent unauthorized service installation

Evidence auditors look for

  • Automated service inventory reports showing disabled or uninstalled unnecessary services
  • Configuration baseline documentation listing approved services per asset class
  • Change logs demonstrating removal or disabling of unused services
  • Quarterly service review documentation with business justification for active services
  • Asset management system records showing service status across the organization
  • Change management tickets approving service removals

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automatically discovers and tracks all services across your enterprise assets, flags unnecessary services based on CIS 4.8 standards, and generates compliance evidence showing what you've disabled—eliminating manual audits and tracking across your entire environment.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS Controls 4.1 — Establish and Maintain a Software InventoryCIS Controls 4.2 — Address Unauthorized SoftwareCIS Controls 2.1 — Establish and Maintain a Software Inventory