PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
PF v1.0 References:
Threats Addressed:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
MA-4: Nonlocal Maintenance
Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session…
NIST Special Publication 800-171 Revision 2
3.7.5: Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through an external network. The authentication techniques employed in the establishment of these nonlocal maintenance and diagnostic sessions reflect the network access requirements in 3.5.3.
Cloud Controls Matrix v3.0.1
IAM-03: Diagnostic / Configuration Ports Access
User access to diagnostic and configuration ports shall be restricted to authorized individuals and applications.
IAM-07: Third Party Access
The identification, assessment, and prioritization of risks posed by business processes requiring third-party access to the organization’s information systems and data shall be followed by coordinated application of resources to minimize, monitor, and measure likelihood and impact of unauthorized or inappropriate access. Compensating controls derived from the risk analysis shall be implemented prior to provisioning…
IAM-13: Utility Programs Access
Utility programs capable of potentially overriding system, object, network, virtual machine, and application controls shall be restricted.
IVS-11: Hypervisor Hardening
Access to all hypervisor management functions or administrative consoles for systems hosting virtualized systems shall be restricted to personnel based upon the principle of least privilege and supported through technical controls (e.g., two-factor authentication, audit trails, IP address filtering, firewalls, and TLS encapsulated communications to the administrative consoles).
Critical Security Controls Version 8
13: Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise's network infrastructure and user base.
NIST Special Publication 800-53 Revision 4
MA-4: Nonlocal Maintenance
The organization: Approves and monitors nonlocal maintenance and diagnostic activities; Allows the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the information system; Employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions; Maintains records for nonlocal maintenance and diagnostic activities;…
Critical Security Controls Version 7.1
4: Controlled Use of Administrative Privileges
The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.
11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
12: Boundary Defense
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.