Navigate

CCI-001631

CCI-001631 Definition

After the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed sanitizes and inspects serviced components prior to reusing them on any information system. Alternatively, the organization being inspected/assessed complies with MA-4 (3) CCI 882.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines maintenance procedures for all non-local maintenance and diagnostic services to ensure that the organization being inspected/assessed sanitizes and inspects serviced components prior to reusing them on any information system. Alternatively, the organization conducting the inspection/assessment ensures the organization being inspected/assessed complies with MA-4 (3) CCI 882.

Compelling Evidence

1.) policy that states before removal from the facility for maintenance services, and prior to reconnection, an information system component is inspected for, and sanitized of, potentially malicious software.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001631.

Control	Description
MA-4(3)	The organization: (a): Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or (b): Removes the component to be serviced from the information system prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system.

Control

Description

MA-4(3)

The organization:

(a): Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or

(b): Removes the component to be serviced from the information system prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system.