MA-4(4): Authentication and Separation of Maintenance Sessions

Control Family:

Parent Control:

MA-4: Nonlocal Maintenance

CSF v1.1 References:

PR.MA-2

Threats Addressed:

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
MA-4(4): Authentication / Separation Of Maintenance Sessions

Control Statement

Protect nonlocal maintenance sessions by:

Employing [Assignment: organization-defined authenticators that are replay resistant]; and
Separating the maintenance sessions from other network sessions with the system by either:
1. Physically separated communications paths; or
2. Logically separated communications paths.

Supplemental Guidance

Communications paths can be logically separated using encryption.