800-53|MA-3

Title

MAINTENANCE TOOLS

Description

The organization approves, controls, and monitors information system maintenance tools.

Supplemental

This control addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools can include hardware, software, and firmware items. Maintenance tools are potential vehicles for transporting malicious code, either intentionally or unintentionally, into a facility and subsequently into organizational information systems. Maintenance tools can include, for example, hardware/software diagnostic test equipment and hardware/software packet sniffers. This control does not cover hardware/software components that may support information system maintenance, yet are a part of the system, for example, the software implementing 'ping', 'ls', 'ipconfig', or the hardware and software implementing the monitoring port of an Ethernet switch.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: MA-2,MA-5,MP-6

Category: MAINTENANCE

Family: MAINTENANCE

Priority: P3

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 13 OS v1.2.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 16 OS v1.0.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 15 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 12 OS v1.1.0
1.1 Ensure packages are obtained from authorized repositories	Unix	CIS PostgreSQL 14 OS v 1.2.0
3.7 Audit Software Inventory	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L2
3.7 Audit Software Inventory	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
3.7 Audit Software Inventory	Unix	CIS Apple macOS 10.14 v2.0.0 L2
3.7 Audit Software Inventory	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
3.7 Audit Software Inventory	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
3.7 Audit Software Inventory	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
8.7 Ensure that Only Approved Extensions Are Installed	microsoft_azure	CIS Microsoft Azure Foundations v3.0.0 L1
DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use.	Unix	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5
DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use.	Unix	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6
EDGE-00-000002 - Bypassing Microsoft Defender SmartScreen prompts for sites must be disabled.	Windows	DISA STIG Edge v2r1
EDGE-00-000003 - Bypassing of Microsoft Defender SmartScreen warnings about downloads must be disabled.	Windows	DISA STIG Edge v2r1
EDGE-00-000004 - The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used.	Windows	DISA STIG Edge v2r1
FGFW-ND-000190 - FortiGate devices performing maintenance functions must restrict use of these functions to authorized personnel only.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
WNDF-AV-000025 - Microsoft Defender AV must be configured to scan removable drives.	Windows	DISA STIG Microsoft Defender Antivirus v2r4

Detections

Analytics