2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system.

2.2.2.a Select a sample of system components and inspect enabled system services, daemons, and protocols to verify that only necessary services or protocols are enabled.

2.2.2.b Identify any enabled insecure services, daemons, or protocols and interview personnel to verify they are justified per documented configuration standards.

As stated in Requirement 1.1.6, there are many protocols that a business may need (or have enabled by default) that are commonly used by malicious individuals to compromise a network. Including this requirement as part of an organization’s configuration standards and related processes ensures that only the necessary services and protocols are enabled.
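
One way to run the inspection in 2.2.2.a and 2.2.2.b on a systemd host, as an added example that is not part of the standard: it compares enabled units against a documented configuration standard and separates insecure services that lack a justification. The sample output (in the shape of `systemctl list-unit-files --state=enabled`), the STANDARD entries and the INSECURE list are all constructed assumptions.

```python
# Constructed sample in the shape of `systemctl list-unit-files --state=enabled`.
SAMPLE_UNIT_FILES = """\
UNIT FILE                STATE   PRESET
chronyd.service          enabled enabled
cups.service             enabled enabled
nginx.service            enabled disabled
sshd.service             enabled enabled
telnet.socket            enabled disabled
vsftpd.service           enabled disabled

6 unit files listed.
"""

# Assumed documented configuration standard: unit -> recorded justification.
STANDARD = {
    "chronyd.service": "time synchronisation",
    "nginx.service": "web front end (system function)",
    "sshd.service": "administrative access",
    "vsftpd.service": "legacy partner file drop (constructed entry)",
}

# Assumed examples of cleartext services; illustrative, not a list from the page.
INSECURE = {"telnet.socket", "rsh.socket", "tftp.socket", "vsftpd.service"}


def parse_enabled(text):
    """Return the unit names whose STATE column reads 'enabled'."""
    units = set()
    for line in text.splitlines():
        fields = line.split()
        # Skips the header, blank lines and the trailing summary line.
        if len(fields) >= 2 and fields[1] == "enabled" and "." in fields[0]:
            units.add(fields[0])
    return units


def review(enabled, standard, insecure):
    """Sort enabled units into the evidence each testing procedure asks for."""
    insecure_enabled = enabled & insecure
    return {
        # 2.2.2.a: enabled, but absent from the documented standard.
        "not_in_standard": sorted(enabled - standard.keys()),
        # 2.2.2.b: insecure and documented; confirm the justification in interview.
        "insecure_to_confirm": {u: standard[u] for u in sorted(insecure_enabled) if u in standard},
        # 2.2.2.b: insecure with no documented justification.
        "insecure_unjustified": sorted(insecure_enabled - standard.keys()),
    }


if __name__ == "__main__":
    for name, value in review(parse_enabled(SAMPLE_UNIT_FILES), STANDARD, INSECURE).items():
        print(f"{name}: {value}")
```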