MA-4(3)

  • Requirement

    1. Require that nonlocal maintenance and diagnostic services be performed from a system that implements a security capability comparable to the capability implemented on the system being serviced; or
    2. Remove the component to be serviced from the system prior to nonlocal maintenance or diagnostic services; sanitize the component (for organizational information); and after the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.
  • Discussion

    Comparable security capability on systems, diagnostic tools, and equipment providing maintenance services implies that the implemented controls on those systems, tools, and equipment are at least as comprehensive as the controls on the system being serviced.

More Info

  • Title

    Nonlocal Maintenance | Comparable Security and Sanitization
  • Family

    Maintenance
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    MP-6;SI-3;SI-7

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!