MA-4(4): Authentication / Separation Of Maintenance Sessions

Control Family:

Maintenance

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

Control Statement

The organization protects nonlocal maintenance sessions by:

  1. Employing [Assignment: organization-defined authenticators that are replay resistant]; and
  2. Separating the maintenance sessions from other network sessions with the information system by either:
    1. Physically separated communications paths; or
    2. Logically separated communications paths based upon encryption.