CCI-000876

The organization allows the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the information system.

Implementation Guidance

The organization being inspected/assessed: 1. documents within the Security Plan the non-local maintenance and diagnostic tools that are allowed; and 2. allows the use of non-local maintenance and diagnostic tools IAW the tools identified in the Security Plan and MA-4, CCI 873.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines: 1. the Security Plan to ensure non-local maintenance and diagnostic tools have been identified; and 2. maintenance records to ensure only those tools allowed are used IAW MA-4, CCI 873.

Compelling Evidence

1.) Signed and dated Security Plan, which identifies authorized non-local maintenance and diagnostic tools 3.) Maintenance records

The controls below (if any) were marked by NIST as being related to CCI-000876.