800-53|MA-4

Title

NONLOCAL MAINTENANCE

Description

The organization:

Supplemental

Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection. Authentication techniques used in the establishment of nonlocal maintenance and diagnostic sessions reflect the network access requirements in IA-2. Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Enforcing requirements in MA-4 is accomplished in part by other controls.

Reference Item Details

Related: AC-17, AC-2, AC-3, AC-6, AU-2, AU-3, IA-2, IA-4, IA-5, IA-8, MA-2, MA-5, MP-6, PL-2, SC-10, SC-17, SC-7

Category: MAINTENANCE

Family: MAINTENANCE

Priority: P2

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2.1 Restrict Access to VTY Sessions | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.3 Ensure that the --DenyServiceExternalIPs is not set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.3 Ensure that the --DenyServiceExternalIPs is not set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.3 Ensure that the DenyServiceExternalIPs is set | Unix | CIS Kubernetes v1.11.1 L1 Master Node |
| 1.2.3 Limit SSH Login Attempts to 3 or less | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.4 Ensure Exec Timeout for Console Sessions is set for less than 10 | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set to less than 10 | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.6 Set the Maximum Number of VTY Sessions | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.7 Disable the Telnet Feature | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.10 (L2) Host hardware must enable Intel SGX, if available | VMware | CIS VMware ESXi 8.0 v1.2.0 L2 |
| 1.10 Use Dedicated "mgmt" Interface and VRF for Administrative Functions | Cisco | CIS Cisco NX-OS v1.2.0 L2 |
| 1.20 RHEL-09-212055 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT III |
| 1.24 UBTU-24-100820 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.25 UBTU-24-100830 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.178 UBTU-22-654235 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II |
| 1.222 OL08-00-030130 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.222 RHEL-09-255100 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.223 OL08-00-030140 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.224 OL08-00-030150 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.225 OL08-00-030160 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.226 OL08-00-030170 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.227 OL08-00-030171 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.228 OL08-00-030172 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.229 OL08-00-030180 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.230 OL08-00-030181 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.231 OL08-00-030190 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.232 OL08-00-030200 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.233 OL08-00-030250 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.234 OL08-00-030260 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.235 OL08-00-030280 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.236 OL08-00-030290 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.237 OL08-00-030300 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.238 OL08-00-030301 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.239 OL08-00-030302 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.240 OL08-00-030310 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.241 OL08-00-030311 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.242 OL08-00-030312 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.246 OL08-00-030316 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.247 OL08-00-030317 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.248 OL08-00-030320 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.249 OL08-00-030330 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.250 OL08-00-030340 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.251 OL08-00-030350 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.252 OL08-00-030360 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.253 OL08-00-030361 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.254 OL08-00-030370 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |