MA-4(4)—Authentication And Separation Of Maintenance Sessions
Control Description
Protect nonlocal maintenance sessions by:
a. Employing [Assignment: organization-defined authenticators that are replay resistant]; and
b. Separating the maintenance sessions from other network sessions with the system by either:
   1. Physically separated communications paths; or
   2. Logically separated communications paths.
Supplemental Guidance
Communications paths can be logically separated using encryption.