Navigate

CCI-000870

CCI-000870 Definition

Check media containing diagnostic and test programs for malicious code before the media are used in the system.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if media containing diagnostic and test programs are checked for malicious code before the media are used in the system.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing system maintenance tools; system maintenance tools and associated documentation; maintenance records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational process for inspecting media for malicious code; mechanisms supporting and/or implementing the inspection of media used for maintenance].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000870.

Control	Description
MA-3(2)	Check media containing diagnostic and test programs for malicious code before the media are used in the system.