800-53|MA-3

Title

MAINTENANCE TOOLS

Description

The organization approves, controls, and monitors information system maintenance tools.

Supplemental

This control addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools can include hardware, software, and firmware items. Maintenance tools are potential vehicles for transporting malicious code, either intentionally or unintentionally, into a facility and subsequently into organizational information systems. Maintenance tools can include, for example, hardware/software diagnostic test equipment and hardware/software packet sniffers. This control does not cover hardware/software components that may support information system maintenance, yet are a part of the system, for example, the software implementing 'ping', 'ls', 'ipconfig', or the hardware and software implementing the monitoring port of an Ethernet switch.

Reference Item Details

Related: MA-2,MA-5,MP-6

Category: MAINTENANCE

Family: MAINTENANCE

Priority: P3

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1 Ensure packages are obtained from authorized repositories | Unix | CIS PostgreSQL 13 OS v1.2.0
1.1 Ensure packages are obtained from authorized repositories | Unix | CIS PostgreSQL 16 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositories | Unix | CIS PostgreSQL 15 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories | Unix | CIS PostgreSQL 12 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories | Unix | CIS PostgreSQL 14 OS v 1.2.0
3.7 Audit Software Inventory | Unix | CIS Apple macOS 10.14 v2.0.0 L2
3.7 Audit Software Inventory | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L2
3.7 Audit Software Inventory | Unix | CIS Apple macOS 12.0 Monterey v3.1.0 L2
3.7 Audit Software Inventory | Unix | CIS Apple macOS 14.0 Sonoma v1.1.0 L2
3.7 Audit Software Inventory | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L2
3.7 Audit Software Inventory | Unix | CIS Apple macOS 13.0 Ventura v2.1.0 L2
8.7 Ensure that Only Approved Extensions Are Installed | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L1
DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use. | Unix | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5
DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use. | Unix | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6
EDGE-00-000002 - Bypassing Microsoft Defender SmartScreen prompts for sites must be disabled. | Windows | DISA STIG Edge v2r1
EDGE-00-000003 - Bypassing of Microsoft Defender SmartScreen warnings about downloads must be disabled. | Windows | DISA STIG Edge v2r1
EDGE-00-000004 - The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used. | Windows | DISA STIG Edge v2r1
FGFW-ND-000190 - FortiGate devices performing maintenance functions must restrict use of these functions to authorized personnel only. | FortiGate | DISA Fortigate Firewall NDM STIG v1r4
WNDF-AV-000025 - Microsoft Defender AV must be configured to scan removable drives. | Windows | DISA STIG Microsoft Defender Antivirus v2r4