CCI-000876

Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system.

Implementation Guidance

Determine if: - the use of nonlocal maintenance and diagnostic tools are allowed only as consistent with organizational policy. - the use of nonlocal maintenance and diagnostic tools are documented in the security plan for the system.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing nonlocal system maintenance; remote access policy; remote access procedures; system design documentation; system configuration settings and associated documentation; maintenance records; records of remote access; diagnostic records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for managing nonlocal maintenance; mechanisms implementing, supporting, and/or managing nonlocal maintenance; mechanisms for strong authentication of nonlocal maintenance diagnostic sessions; mechanisms for terminating nonlocal maintenance sessions and network connections].

The controls below (if any) were marked by NIST as being related to CCI-000876.