MA-4(5): Approvals And Notifications

Control Family:


CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization:

  1. Requires the approval of each nonlocal maintenance session by [Assignment: organization-defined personnel or roles]; and
  2. Notifies [Assignment: organization-defined personnel or roles] of the date and time of planned nonlocal maintenance.

Supplemental Guidance

Notification may be performed by maintenance personnel. Approval of nonlocal maintenance sessions is accomplished by organizational personnel with sufficient information security and information system knowledge to determine the appropriateness of the proposed maintenance.