Define and implement secure default settings for the software baseline by determining how to configure each setting that has an effect on security so that the default settings are secure and do not weaken the security functions provided by the platform, network infrastructure, or services.

• Conduct testing to ensure that the settings, including the default settings, are working as expected and are not inadvertently causing any security weaknesses, operational issues, or other problems.
• Verify that the approved configuration is in place for the software.
• Document each setting’s purpose, options, default value, security relevance, potential operational impact, and relationships with other settings.
• Use authoritative programmatic technical mechanisms to document how each setting can be implemented and assessed by software administrators.
• Store the default configuration in a usable format and follow change control practices for modifying it (e.g., configuration as code).

Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/amq-clients/tasks/phase/specifications/141-T2349/