CCI-001632

Protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by either physically separated communications paths or logically separated communications paths based upon encryption.

Implementation Guidance

Determine if nonlocal maintenance sessions are protected by separating maintenance sessions from other network sessions with the system by physically separated communication paths.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing nonlocal system maintenance; system design documentation; system configuration settings and associated documentation; maintenance records; audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; network engineers; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for protecting nonlocal maintenance sessions; mechanisms implementing replay-resistant authenticators; mechanisms implementing logically separated/encrypted communication paths].

The controls below (if any) were marked by NIST as being related to CCI-001632.