MA-4(4)

MA-4(4): Authentication and Separation of Maintenance Sessions

Protect nonlocal maintenance sessions by:

(b): Separating the maintenance sessions from other network sessions with the system by either:
- (1): Physically separated communications paths; or
- (2): Logically separated communications paths.

Communications paths can be logically separated using encryption.

Overlays
DAF Baseline, Int-A, Int-B, Int-C

CSF Categories
None

The controls below (if any) were marked by NIST as being related to MA-4(4).

Control	Description
No controls

The controls below (if any) add on to the requirements of MA-4(4).

Control	Description
No controls

The CCIs below are tied to MA-4(4).

CCI	Definition
CCI-000884	Protect nonlocal maintenance sessions by employing organization-defined authenticators that are replay resistant.
CCI-001632	Protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by either physically separated communications paths or logically separated communications paths based upon encryption.
CCI-002887	Defines the authenticators that are replay resistant which will be employed to protect nonlocal maintenance sessions.
CCI-004192	Protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.