Attack Surface

Your attack surface is the total set of points where an attacker could attempt to enter your environment or extract data from it. It includes every network connection, public-facing service, user account, wireless access point, removable media port, and even your employees (who can be targeted through social engineering).

Reducing your attack surface is a core security strategy — the fewer entry points you expose, the fewer opportunities attackers have. This is achieved through network segmentation, disabling unnecessary services, removing unused accounts, restricting physical access, and minimizing the number of systems that interact with external networks.

Why It Matters

Many CMMC requirements — least functionality, access control, network segmentation, media protection — directly reduce your attack surface. Understanding your attack surface helps you identify which controls have the greatest security impact and where your biggest exposures are.
