Title

Administrative/maintenance ports are not being controlled by deactivating or physically disconnecting remote access devices when not in use. (Cat II impact)

Discussion

Requirement: The IAO will ensure that serial management ports are controlled by deactivating or physically disconnecting access devices (i.e. modems or terminals) that are not in use. The disconnection of remote access devices when not being used will greatly reduce the risk of unauthorized access.

Check Content

Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable

Fix Text

Ensure that all remote access devices are deactivated or disconnected when not in use.

Additional Identifiers

Rule ID: SV-8482r1_rule

Vulnerability ID: V-7996

Group Title: Admin./ maintenance ports are not being controlled

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.