compliance controls are associated with this Policy definition 'Perform all non-local maintenance' (5bac5fb7-7735-357b-767d-02264bfe5c3b)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | MA-4(3) | FedRAMP_High_R4_MA-4(3) | FedRAMP High MA-4 (3) | Maintenance | Comparable Security / Sanitization | Shared | n/a | The organization: (a) Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or (b) Removes the component to be serviced from the information system and prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system. Supplemental Guidance: Comparable security capability on information systems, diagnostic tools, and equipment providing maintenance services implies that the implemented security controls on those systems, tools, and equipment are at least as comprehensive as the controls on the information system being serviced. Related controls: MA-3, SA-12, SI-3, SI-7. | link | 1 |
| hipaa | 18110.08j1Organizational.5-08.j | hipaa-18110.08j1Organizational.5-08.j | 18110.08j1Organizational.5-08.j | 18 Physical & Environmental Security | 18110.08j1Organizational.5-08.j 08.02 Equipment Security | Shared | n/a | The organization monitors and controls non-local maintenance and diagnostic activities; and prohibits non-local system maintenance unless explicitly authorized, in writing, by the CIO or his/her designated representative. | | 4 |
| NIST_SP_800-53_R4 | MA-4(3) | NIST_SP_800-53_R4_MA-4(3) | NIST SP 800-53 Rev. 4 MA-4 (3) | Maintenance | Comparable Security / Sanitization | Shared | n/a | The organization: (a) Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or (b) Removes the component to be serviced from the information system and prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system. Supplemental Guidance: Comparable security capability on information systems, diagnostic tools, and equipment providing maintenance services implies that the implemented security controls on those systems, tools, and equipment are at least as comprehensive as the controls on the information system being serviced. Related controls: MA-3, SA-12, SI-3, SI-7. | link | 1 |
| NIST_SP_800-53_R5 | MA-4(3) | NIST_SP_800-53_R5_MA-4(3) | NIST SP 800-53 Rev. 5 MA-4 (3) | Maintenance | Comparable Security and Sanitization | Shared | n/a | (a) Require that nonlocal maintenance and diagnostic services be performed from a system that implements a security capability comparable to the capability implemented on the system being serviced; or (b) Remove the component to be serviced from the system prior to nonlocal maintenance or diagnostic services; sanitize the component (for organizational information); and after the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system. | link | 1 |