MA-4(4): Authentication and Separation of Maintenance Sessions

Control Family:

Maintenance

Baselines:

(Not part of any baseline)

Control Statement

Protect nonlocal maintenance sessions by:

  1. Employing [Assignment: organization-defined authenticators that are replay resistant]; and
  2. Separating the maintenance sessions from other network sessions with the system by either:
    1. Physically separated communications paths; or
    2. Logically separated communications paths.

Supplemental Guidance

Communications paths can be logically separated using encryption.