>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

MA.L2-3.7.5Nonlocal Maintenance

Level 2
800-171: 3.7.5

>Control Description

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

>Cross-Framework Mappings

NIST SP 800-171

3.7.5
Compare

SCF

IAC-06
Compare
MNT-05
Compare
MNT-05.4
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your policy for remote maintenance sessions?
  • How do you approve and authorize nonlocal maintenance activities?
  • What is your process for establishing and monitoring remote maintenance sessions?
  • Who must approve nonlocal maintenance and how is it documented?
  • What restrictions apply to remote maintenance versus local maintenance?

Technical Implementation:

  • What technologies enable remote maintenance (VPN, remote desktop)?
  • How do you implement MFA for remote maintenance sessions?
  • What tools log and monitor remote maintenance activities?
  • What mechanisms automatically terminate remote sessions?
  • What technical controls restrict remote maintenance capabilities?

Evidence & Documentation:

  • What maintenance procedures and schedules can you provide?
  • What maintenance records and work orders demonstrate maintenance activities?
  • What sanitization certificates show equipment was sanitized before off-site maintenance?
  • What remote maintenance session logs can you show?
  • What tool inventory lists approved maintenance tools?
  • What evidence shows maintenance personnel are properly supervised or vetted?

Ask AI

Configure your API key to use AI features.