MA-4(5): Approvals And Notifications

Control Family:

Maintenance

Parent Control:

MA-4: Nonlocal Maintenance

Priority:

P2: Implement P2 security controls after implementation of P1 controls.

CSF v1.1 References:

PR.MA-2

Threats Addressed:

Tampering
Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
MA-4(5): Approvals and Notifications

Control Statement

The organization:

Requires the approval of each nonlocal maintenance session by [Assignment: organization-defined personnel or roles]; and
Notifies [Assignment: organization-defined personnel or roles] of the date and time of planned nonlocal maintenance.

Supplemental Guidance

Notification may be performed by maintenance personnel. Approval of nonlocal maintenance sessions is accomplished by organizational personnel with sufficient information security and information system knowledge to determine the appropriateness of the proposed maintenance.