MA.L2-3.7.5 Nonlocal Maintenance
Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
Source: NIST SP 800-171 Rev 2 3.7.5
Discussion: Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through an external network. The authentication techniques employed in the establishment of these nonlocal maintenance and diagnostic sessions reflect the network access requirements in 3.5.3.
Assessment Objectives:
Determine if:
- [a] multifactor authentication is used to establish nonlocal maintenance sessions via external network connections; and
- [b] nonlocal maintenance sessions established via external network connections are terminated when nonlocal maintenance is complete.
Examine: [SELECT FROM: System maintenance policy; procedures addressing nonlocal system maintenance; security plan; system design documentation; system configuration settings and associated documentation; maintenance records; diagnostic records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with system maintenance responsibilities; personnel with information security responsibilities; system or network administrators].
Test: [SELECT FROM: Organizational processes for managing nonlocal maintenance; mechanisms implementing, supporting, and managing nonlocal maintenance; mechanisms for strong authentication of nonlocal maintenance diagnostic sessions; mechanisms for terminating nonlocal maintenance sessions and network connections].
SPRS Score: 5
POA&M Allowed: No