Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: MA-FAMILY: MAINTENANCE

MA-4(1) NONLOCAL MAINTENANCE  |  AUDITING AND REVIEW

Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

ma-4(1)

nonlocal maintenance  | auditing and review

 

assessment objective:

Determine if the organization:

ma-4(1)(a)  

ma-4(1)(a)[1]

defines audit events to audit nonlocal maintenance and diagnostic sessions;

ma-4(1)(a)[2]

audits organization-defined audit events for non-local maintenance and diagnostic sessions; and

ma-4(1)(b)

reviews records of the maintenance and diagnostic sessions.

potential assessment methods and objects:

Examine: [select from: Information system maintenance policy; procedures addressing nonlocal information system maintenance; list of audit events; information system configuration settings and associated documentation; maintenance records; diagnostic records; audit records; reviews of maintenance and diagnostic session records; other relevant documents or records].

Interview: [select from: Organizational personnel with information system maintenance responsibilities; organizational personnel with information security responsibilities; organizational personnel with audit and review responsibilities; system/network administrators].

Test: [select from: Organizational processes for audit and review of nonlocal maintenance; automated mechanisms supporting and/or implementing audit and review of nonlocal maintenance].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056