3.4.7 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

Restricting the use of nonessential software (programs) includes restricting the roles allowed to approve program execution; prohibiting auto-execute; program blacklisting and whitelisting; or restricting the number of program instances executed at the same time. The organization makes a security-based determination which functions, ports, protocols, and/or services are restricted. Bluetooth, File Transfer Protocol (FTP), and peer-to-peer networking are examples of protocols organizations consider preventing the use of, restricting, or disabling.

Actionable Items: Lock down local access to firewall to everyone except for security administrators. Lock local administrator access and program installation to everyone except for security administrators. Setup local firewall policy as GPO.   It will also be necessary to lock-down then company firewall for outside access.

You can purchase an installable GPO with installation instructions here.