CCI-002883

Implementation Guidance

Determine if the use of maintenance tools is restricted to authorized personnel only.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing system maintenance tools; system maintenance tools and associated documentation; list of personnel authorized to use maintenance tools; maintenance tool usage records; maintenance records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for restricting the use of maintenance tools; mechanisms supporting and/or implementing the restricted use of maintenance tools].