MA.L2-3.7.4 Media Inspection
Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
Source: NIST SP 800-171 Rev 2 3.7.4
Discussion: If, upon inspection of media containing maintenance diagnostic and test programs, organizations determine that the media contain malicious code, the incident is handled consistent with incident handling policies and procedures.
Assessment Objectives:
Determine if:
- [a] media containing diagnostic and test programs are checked for malicious code before being used in organizational systems that process, store, or transmit CUI.
Examine: [SELECT FROM: System maintenance policy; procedures addressing system maintenance tools; system maintenance tools and associated documentation; maintenance records; security plan; other relevant documents or records].
Interview: [SELECT FROM: Personnel with system maintenance responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational process for inspecting media for malicious code; mechanisms supporting or implementing inspection of media used for maintenance].
SPRS Score: 3
POA&M Allowed: No