Navigate

CCI-000890

CCI-000890 Definition

Establish a process for maintenance personnel authorization.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed clearly defines, documents, and establishes a process for the authorization of maintenance personnel.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines procedures addressing maintenance personnel to ensure that the organization being inspected/assessed has established processes for the authorization of maintenance personnel.

Compelling Evidence

1.) Documented process for the authorization of maintenance personnel

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000890.

Control	Description
MA-5	The organization: a: Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel; b: Ensures that non-escorted personnel performing maintenance on the information system have required access authorizations; and c: Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.

Control

Description

MA-5

The organization:

a: Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel;

b: Ensures that non-escorted personnel performing maintenance on the information system have required access authorizations; and

c: Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.