CCI-000890
CCI-000890 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if: - a process for maintenance personnel authorization is established. - a list of authorized maintenance organizations or personnel is maintained.
Validation Procedures
Examine: [SELECT FROM: Maintenance policy; procedures addressing maintenance personnel; service provider contracts; service-level agreements; list of authorized personnel; maintenance records; access control records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for authorizing and managing maintenance personnel; mechanisms supporting and/or implementing authorization of maintenance personnel].