The organization defines the frequency of information system reviews to identify and eliminate unnecessary functions, ports, protocols and/or services.
No STIG checks reference this CCI.