CCI-001631

After the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system.

Implementation Guidance

Determine if: - the component to be serviced is removed from the system prior to nonlocal maintenance or diagnostic services. - the component to be serviced is sanitized (for organizational information). - the component is inspected and sanitized (for potentially malicious software) after the service is performed and before reconnecting the component to the system.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing nonlocal system maintenance; service provider contracts and/or service-level agreements; maintenance records; inspection records; audit records; equipment sanitization records; media sanitization records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; system maintenance provider; organizational personnel with information security responsibilities; organizational personnel responsible for media sanitization; system/network administrators]. Test: [SELECT FROM: Organizational processes for comparable security and sanitization for nonlocal maintenance; organizational processes for the removal, sanitization, and inspection of components serviced via nonlocal maintenance; mechanisms supporting and/or implementing component sanitization and inspection].

The controls below (if any) were marked by NIST as being related to CCI-001631.