MA-3(2): Inspect Media

Control Family:

Parent Control:

MA-3: Maintenance Tools

Priority:

P3: Implement P3 security controls after implementation of P1 and P2 controls.

CSF v1.1 References:

PR.MA-1

Threats Addressed:

Tampering

Baselines:

Moderate
High

Next Version:

NIST Special Publication 800-53 Revision 5:
MA-3(2): Inspect Media

Control Statement

The organization checks media containing diagnostic and test programs for malicious code before the media are used in the information system.

Supplemental Guidance

If, upon inspection of media containing maintenance diagnostic and test programs, organizations determine that the media contain malicious code, the incident is handled consistent with organizational incident handling policies and procedures.