Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ma-5(4)

maintenance  personnel  | foreign nationals

assessment objective:

Determine if the organization ensures that:

ma-5(4)(a)

cleared foreign nationals (i.e., foreign nationals with appropriate security clearances) are used to conduct maintenance and diagnostic activities on classified information systems only when the systems are:

ma-5(4)(a)[1]

jointly owned and operated by the United States and foreign allied governments; or

ma-5(4)(a)[2]

owned and operated solely by foreign allied governments; and

ma-5(4)(b)

approvals, consents, and detailed operational conditions regarding the use of foreign nationals to conduct maintenance and diagnostic activities on classified information systems are fully documented within Memoranda of Agreements.

potential assessment methods and objects:

Examine: [select from: Information system maintenance policy; procedures addressing maintenance personnel; information system media protection policy; access control policy and procedures; physical and environmental protection policy and procedures; memorandum of agreement; maintenance records; access control records; access credentials; access authorizations; other relevant documents or records].

Interview: [select from: Organizational personnel with information system maintenance responsibilities, organizational personnel with personnel security responsibilities; organizational personnel managing memoranda of agreements; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for managing foreign national maintenance personnel].