MA: Maintenance
Controls
MA-1: System Maintenance Policy And Procedures
Baseline(s):
- Low
- Moderate
- High
The organization: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: A system maintenance policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of the system maintenance policy and associated system maintenance controls; and Reviews and updates the current: System maintenance policy…
MA-2: Controlled Maintenance
Baseline(s):
- Low
- Moderate
- High
The organization: Schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements; Approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location; Requires that [Assignment: organization-defined…
MA-3: Maintenance Tools
Baseline(s):
- Moderate
- High
The organization approves, controls, and monitors information system maintenance tools.
MA-4: Nonlocal Maintenance
Baseline(s):
- Low
- Moderate
- High
The organization: Approves and monitors nonlocal maintenance and diagnostic activities; Allows the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the information system; Employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions; Maintains records for nonlocal maintenance and diagnostic activities;…
MA-5: Maintenance Personnel
Baseline(s):
- Low
- Moderate
- High
The organization: Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel; Ensures that non-escorted personnel performing maintenance on the information system have required access authorizations; and Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess…
MA-6: Timely Maintenance
Baseline(s):
- Moderate
- High
The organization obtains maintenance support and/or spare parts for [Assignment: organization-defined information system components] within [Assignment: organization-defined time period] of failure.