Control: The organisation:
Nonlocal Maintenance Supplemental Guidance:
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection. Authentication techniques used in the establishment of nonlocal maintenance and diagnostic sessions reflect the network access requirements in IA-2. Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multi-factor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Enforcing requirements in MA-4 is accomplished in part by other controls.
Related controls: AC-2, AC-3, AC-6, AC-17, AU-2, AU-3, IA-2, IA-4, IA-5, IA-8, MA-2, MA-5, MP-6, PL-2, SC-7, SC-10, SC-17.
Nonlocal Maintenance Control Enhancements:
MA-4 (2) Nonlocal Maintenance - Document Nonlocal Maintenance
The organisation documents in the security plan for the information system, the policies and procedures for the establishment and use of nonlocal maintenance and diagnostic connections.
MA-4 (3) Nonlocal Maintenance - Comparable Security / Sanitisation
The organisation:
- (a) Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or
- (b) Removes the component to be serviced from the information system prior to nonlocal maintenance or diagnostic services, sanitises the component (with regard to organisational information) before removal from organisational facilities, and after the service is performed, inspects and sanitises the component (with regard to potentially malicious software) before reconnecting the component to the information system.
Supplemental Guidance: Comparable security capability on information systems, diagnostic tools, and equipment providing maintenance services implies that the implemented security controls on those systems, tools, and equipment are at least as comprehensive as the controls on the information system being serviced.
MA-4 (4) Nonlocal Maintenance - Authentication / Separation of maintenance sessions
The organisation protects nonlocal maintenance sessions by:
- (a) Employing [Assignment: organisation-defined authenticators that are replay resistant]; and
- (b) Separating the maintenance sessions from other network sessions with the information system by either:
- Physically separated communications paths; or
- Logically separated communications paths based upon encryption.
Supplemental Guidance: Related control: SC-13.
MA-4 (5) Nonlocal Maintenance - Approvals and Notifications
The organisation:
- (a) Requires the approval of each nonlocal maintenance session by [Assignment: organisation-defined personnel or roles]; and
- (b) Notifies [Assignment: organisation-defined personnel or roles] of the date and time of planned nonlocal maintenance.
Supplemental Guidance: Notification maybe performed by maintenance personnel. Approval of nonlocal maintenance sessions is accomplished by organisational personnel with sufficient information security and information system knowledge to determine the appropriateness of the proposed maintenance.
MA-4 (7) Nonlocal Maintenance - Remote Disconnect Verification
The information system implements remote disconnect verification at the termination of nonlocal maintenance and diagnostic sessions.
Supplemental Guidance: Remote disconnect verification ensures that remote connections from nonlocal maintenance sessions have been terminated and are no longer available for use.
Related control: SC-13.