Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ma-5(2)

maintenance  personnel  | security clearances for classified systems

assessment objective:

Determine if the organization ensures that personnel performing maintenance and diagnostic activities on an information system processing, storing, or transmitting classified information possess:

ma-5(2)[1]

security clearances for at least the highest classification level on the system;

ma-5(2)[2]

security clearances for all compartments of information on the system;

ma-5(2)[3]

formal access approvals for at least the highest classification level on the system; and

ma-5(2)[4]

formal access approvals for all compartments of information on the system.

potential assessment methods and objects:

Examine: [select from: Information system maintenance policy; procedures addressing maintenance personnel; personnel records; maintenance records; access control records; access credentials; access authorizations; other relevant documents or records].

Interview: [select from: Organizational personnel with information system maintenance responsibilities; organizational personnel with personnel security responsibilities; organizational personnel with physical access control responsibilities; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for managing security clearances for maintenance personnel].