2.5 Ensure that security policies and
operational procedures for managing
vendor defaults and other security
parameters are documented, in use, and
known to all affected parties.
2.5 Examine documentation and interview personnel to verify
that security policies and operational procedures for managing
vendor defaults and other security parameters are:
Documented,
In use, and
Known to all affected parties.
Personnel need to be aware of and following
security policies and daily operational procedures
to ensure vendor defaults and other security
parameters are continuously managed to prevent
insecure configurations.