Skip to main content

πŸ’Ό MA-5(1) Individuals Without Appropriate Access (M)(H)

  • Contextual name: πŸ’Ό MA-5(1) Individuals Without Appropriate Access (M)(H)
  • ID: /frameworks/fedramp-high-security-controls/ma/05/01
  • Located in: πŸ’Ό MA-5 Maintenance Personnel (L)(M)(H)

Description​

(a) Implement procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements:

  1. Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the system by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified; and

  2. Prior to initiating maintenance or diagnostic activities by personnel who do not have needed access authorizations, clearances or formal access approvals, all volatile information storage components within the system are sanitized and all nonvolatile storage media are removed or physically disconnected from the system and secured; and

(b) Develop and implement [Assignment: organization-defined alternate controls] in the event a system component cannot be sanitized, removed, or disconnected from the system.

MA-5 (1) Additional FedRAMP Requirements and Guidance:

Requirement: Only MA-5 (1) (a) (1) is required by FedRAMP Moderate Baseline.

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/ma/05/01
  • Internal
    • ID: dec-c-8715a148

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό MA-5(1) Maintenance Personnel _ Individuals Without Appropriate Access

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό MA-5(1) Individuals Without Appropriate Access (M)(H)

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags