MA-4 Nonlocal Maintenance

Description

Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.

Authentication techniques used in the establishment of nonlocal maintenance and diagnostic sessions reflect the network access requirements in IA-2. Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication.

Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric.

Enforcing requirements in MA-4 is accomplished in part by other controls.

Applicability

The owner of an information resource, or designee, is responsible for implementing this Control.

Implementation

TAMU-CC custodians shall authorize, monitor, and control any remotely executed maintenance and diagnostic activities, as follows:

1. Approve and monitor non-local maintenance and diagnostic activities;
2. Allows the use of non-local maintenance and diagnostic tools only as consistent with TAMU-CC policy and documented in the security plan for the information system;
3. Employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions;
4. Maintains records for non-local maintenance and diagnostic activities; and
5. Terminates session and network connections when non-local maintenance is completed.

Revision History

Last Updated: February 21, 2025

Previous Versions:

• June 29, 2023
• May 31, 2022
• March 25, 2021
• September 16, 2019