MA-4(4): Authentication and Separation of Maintenance Sessions
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- MA-4(4): Authentication / Separation Of Maintenance Sessions
Control Statement
Protect nonlocal maintenance sessions by:
- Employing [Assignment: organization-defined authenticators that are replay resistant]; and
- Separating the maintenance sessions from other network sessions with the system by either:
- Physically separated communications paths; or
- Logically separated communications paths.
Supplemental Guidance
Communications paths can be logically separated using encryption.