|
controlMA-4
Nonlocal Maintenance (MA-4)
Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session and network connections when nonlocal maintenance is completed.
Security Baselines
LOWMODERATEHIGH
maintenancesystem-maintenance
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports50
These related controls work together — a change to one may affect the others.
Enhances7
These enhancements add specific capabilities or refinements to the base control.
Related Controls(28)
AC-3Access Enforcement (AC-3)
LMH
AC-12Session Termination (AC-12)MH
AC-17Remote Access (AC-17)LMH
AU-2Event Logging (AU-2)LMH
AU-3Content of Audit Records (AU-3)LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)LMH
AU-12Audit Record Generation (AU-12)LMH
CA-7Continuous Monitoring (CA-7)LMH
IA-2Identification and Authentication (Organizational Users) (IA-2)LMH
IA-4Identifier Management (IA-4)LMH
IA-5Authenticator Management (IA-5)LMH
IA-8Identification and Authentication (Non-organizational Users) (IA-8)LMH
MA-2Controlled Maintenance (MA-2)LMH
AC-2Account Management (AC-2)LMH
AC-6Least Privilege (AC-6)MH
MA-5Maintenance Personnel (MA-5)LMH
PL-2System Security and Privacy Plans (PL-2)LMH
SC-7Boundary Protection (SC-7)LMH
SC-10Network Disconnect (SC-10)MH
MA-7Field Maintenance (MA-7)MP-6Media Sanitization (MP-6)LMH
PM-31Continuous Monitoring Strategy (PM-31)SC-8Transmission Confidentiality and Integrity (SC-8)MH
SC-13Cryptographic Protection (SC-13)LMH
SC-37Out-of-band Channels (SC-37)SI-3Malicious Code Protection (SI-3)LMH
SI-4System Monitoring (SI-4)LMH
SI-7Software, Firmware, and Information Integrity (SI-7)MH
Control Enhancements(7)
MA-4(1)Logging and Review (MA-4(1))MA-4(2)Document Nonlocal Maintenance (MA-4(2))WMA-4(3)Comparable Security and Sanitization (MA-4(3))
H
MA-4(4)Authentication and Separation of Maintenance Sessions (MA-4(4))MA-4(5)Approvals and Notifications (MA-4(5))MA-4(6)Cryptographic Protection (MA-4(6))MA-4(7)Disconnect Verification (MA-4(7))