I agree. You need to know the well-known, reserved, and the underlying services / apps that use them. IE: Your dev team sends in a request to open port 21. You should know what they are trying to do and get very involved with the request, issue, and ultimate resolution.
Likewise, you need to be able to understand penetration testing reports (at the very least).
At the end of the day, all of the technical understanding required for a CISSP should complement your ability to manage risks. What makes it hard is it is technical, it's managerial, and you need to understand the legal and operational aspects of a business and industries. You are resource of information to the stakeholders and that includes your ability to understand the technical aspects of risks to the business.