MA.L2-3.7.4—Media Inspection
Level 2
800-171: 3.7.4
Control Description
Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for using diagnostic and test media?
- How do you verify diagnostic media is free from malicious code before use?
- Who approves diagnostic and test programs for use on production systems?
- What is your process for obtaining diagnostic tools from trusted sources?
Technical Implementation:
- What antivirus or scanning tools check diagnostic media?
- How do you scan diagnostic media before use?
- What technical controls prevent use of unchecked diagnostic media?
- What tools verify diagnostic media integrity?
- What logging captures diagnostic media scanning?
Evidence & Documentation:
- What maintenance procedures and schedules can you provide?
- What maintenance records and work orders demonstrate maintenance activities?
- What sanitization certificates show equipment was sanitized before off-site maintenance?
- What remote maintenance session logs can you show?
- What tool inventory lists approved maintenance tools?
- What evidence shows maintenance personnel are properly supervised or vetted?