MA-4(3): Comparable Security and Sanitization

Control Family:

Maintenance

Parent Control:

MA-4: Nonlocal Maintenance

CSF v1.1 References:

PR.MA-2

Threats Addressed:

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
MA-4(3): Comparable Security / Sanitization

Control Statement

Require that nonlocal maintenance and diagnostic services be performed from a system that implements a security capability comparable to the capability implemented on the system being serviced; or
Remove the component to be serviced from the system prior to nonlocal maintenance or diagnostic services; sanitize the component (for organizational information); and after the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.

Supplemental Guidance

Comparable security capability on systems, diagnostic tools, and equipment providing maintenance services implies that the implemented controls on those systems, tools, and equipment are at least as comprehensive as the controls on the system being serviced.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5