MA-4(3): Comparable Security / Sanitization
The organization:
- (a): Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or
- (b): Removes the component to be serviced from the information system prior to nonlocal maintenance or diagnostic services, sanitizes the component (with regard to organizational information) before removal from organizational facilities, and after the service is performed, inspects and sanitizes the component (with regard to potentially malicious software) before reconnecting the component to the information system.
Supplemental
Comparable security capability on information systems, diagnostic tools, and equipment providing maintenance services implies that the implemented security controls on those systems, tools, and equipment are at least as comprehensive as the controls on the information system being serviced.
CIA Levels | |
---|---|
Confidentiality | high |
Integrity | high |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |