2.2.4 Configure system security parameters to prevent misuse.
2.2.4.a Interview system administrators and/or security
managers to verify that they have knowledge of common
security parameter settings for system components.
2.2.4.b Examine the system configuration standards to verify
that common security parameter settings are included.
2.2.4.c Select a sample of system components and inspect
the common security parameters to verify that they are set
appropriately and in accordance with the configuration
System configuration standards and related
processes should specifically address security
settings and parameters that have known security
implications for each type of system in use.
In order for systems to be configured securely,
personnel responsible for configuration and/or
administering systems must be knowledgeable in
the specific security parameters and settings that
apply to the system.