CCI-004199

Implementation Guidance

Determine if field maintenance on [MA-07_ODP[01]; systems or system components on which field maintenance is restricted or prohibited to trusted maintenance facilities are defined] are restricted or prohibited to [MA-07_ODP[02]; trusted maintenance facilities that are not restricted or prohibited from conducting field maintenance are defined].

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing field maintenance; system design documentation; system configuration settings and associated documentation; maintenance records; diagnostic records; system security plan; other relevant documents or records.]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for managing field maintenance; mechanisms implementing, supporting, and/or managing field maintenance; mechanisms for strong authentication of field maintenance diagnostic sessions; mechanisms for terminating field maintenance sessions and network connections].