NIST SP 800-53 Rev 5: MA–4 Nonlocal Maintenance 3.7 3.7.1 3.7.5 Maintenance
NIST resources that define requirements for nonlocal system maintenance activities
SEARCH RESULTS
NIST SP 800-53: IA-2 Identification and Authentication (Organization Users) 3.5 3.5.3 3.7 3.7.5 Identification and Authentication Maintenance
Control objectives for the implementation of multi-factor authentication from NIST SP 800-53.
NIST SP 800-53: MA-5 Maintenance Personnel 3.7 3.7.2 3.7.5 3.7.6 Maintenance
The organization: a. Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel; b. Ensures that non-escorted personnel performing maintenance on the information system have required access authorizations; and c. Designates organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.
NIST SP 800-88 Guidelines for Media Sanitization 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
This NIST Special Publication provides guidance for completing the media sanitization process.
North Carolina – IT System Maintenance Policy 3.7 3.7.5 3.7.6 Maintenance
This is State of North Carolina’s IT System Maintenance policy and provides an example of the roles, responsibilities and various components of maintenance supervision.
NSA – Media Destruction Guidance 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
NSA's Center for Storage Device Sanitization Research (CSDSR) guides the sanitization of information system (IS) storage devices. Resources for a vendor of storage device sanitization, the NSA Evaluated Products Lists (EPLs), and contact information for the Center for Storage Device Sanitization Research are provided on this page.
RedHat – Using USBGuard 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes.
SANS – Removable Media Policy 3.1 3.1.21 3.7 3.7.4 3.8 3.8.5 3.8.6 3.8.7 3.8.8 Access Control Maintenance Media Protection
This sample policy provided by SANS discusses removable media.
SANS – Technology Equipment Disposal Policy 3.7 3.7.3 3.8 3.8.3 Maintenance Media Protection
This is a equipment disposal policy created by SANS that can be freely used.
SANS Whitepaper – Two-Factor Authentication (2FA) using OpenOTP 3.5 3.5.2 3.5.3 3.7 3.7.5 Identification and Authentication Maintenance
This SANS whitepaper discusses the theory behind user-based two-factor (or multifactor) authentication systems, also known as “2FA”.