MA-3(3): Prevent Unauthorized Removal

Control Family:

Maintenance

Parent Control:

MA-3: Maintenance Tools

Priority:

P3: Implement P3 security controls after implementation of P1 and P2 controls.

CSF v1.1 References:

PR.MA-1

Threats Addressed:

Tampering

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
MA-3(3): Prevent Unauthorized Removal

Control Statement

The organization prevents the unauthorized removal of maintenance equipment containing organizational information by:

Verifying that there is no organizational information contained on the equipment;
Sanitizing or destroying the equipment;
Retaining the equipment within the facility; or
Obtaining an exemption from [Assignment: organization-defined personnel or roles] explicitly authorizing removal of the equipment from the facility.

Supplemental Guidance

Organizational information includes all information specifically owned by organizations and information provided to organizations in which organizations serve as information stewards.