NIST 800-171 | MAINTENANCE
Remote desktop support can open up your system to unknown issues. The Maintenance family addresses these risks along with the general internal upkeep of systems.
System support provided by administrators is usually the clearest view of how well your security has actually been implemented. System admins typically have full access, with few controls on it, because they are treated as your trusted agents. This makes Maintenance a challenging family for a small business. Recommended practices include using a VPN for remote connections and giving system admins technical security training (for example a Cisco security course or an AD GPO course). In a small organization the sysadmins control almost everything, so adding further layers of monitoring purely for maintenance purposes can be ineffective.
Family Name: Maintenance
3.7.1 Perform maintenance on organizational information systems.
This requirement addresses the information security aspects of the system maintenance program and applies to all types of maintenance to any system component conducted by any local or non-local entity.
System maintenance also includes those components not directly associated with information processing and data or information retention such as scanners, copiers, and printers.
3.7.2 Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance.
This requirement addresses security-related issues with maintenance tools that are not within the organizational system boundaries that process, store, or transmit CUI, but are used specifically for diagnostic and repair actions on those systems.
Maintenance tools can include, for example, hardware and software diagnostic test equipment and hardware and software packet sniffers.
3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.
NIST Special Publication 800-88 provides guidance on media sanitization.
3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in the information system.
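One concrete way to satisfy 3.7.4 before a malware scan is even run is to allow only known content on maintenance media: every file on the media is hashed and compared with a manifest of approved diagnostic tools kept in a trusted store (never on the media itself). The example below is added here and is not part of NIST 800-171 or the page; the manifest format, function names and the sample files it builds in a temporary directory are all this example's own constructions.

```python
"""Added example (not from NIST or the page): verify diagnostic/test media
against an approved-content manifest before it touches a CUI system (3.7.4).
The manifest format and function names are this example's own assumptions."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large tool images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_media(media_root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare every file on the media with a manifest of approved relative path -> SHA-256.

    The manifest must come from a trusted store, never from the media itself."""
    results: Dict[str, List[str]] = {"approved": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for p in sorted(media_root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(media_root).as_posix()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            results["unknown"].append(rel)       # file not on the approved list
        elif expected != sha256_file(p):
            results["modified"].append(rel)      # approved path, unexpected content
        else:
            results["approved"].append(rel)
    results["missing"] = [rel for rel in manifest if rel not in seen]
    return results


def media_is_approved(results: Dict[str, List[str]]) -> bool:
    """Media may be used only when nothing unknown or modified is present."""
    return not results["unknown"] and not results["modified"]


def demo_media_check() -> Dict[str, List[str]]:
    """Constructed sample media in a temp dir: one good tool, one altered tool, one stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "tools" / "memtest.bin").write_bytes(b"approved memory diagnostic v1")
        (root / "tools" / "nicdiag.exe").write_bytes(b"altered nic diagnostic")
        (root / "extra_util.exe").write_bytes(b"not on the manifest")
        # Constructed manifest: what the organisation approved, including a file the media lacks.
        manifest = {
            "tools/memtest.bin": hashlib.sha256(b"approved memory diagnostic v1").hexdigest(),
            "tools/nicdiag.exe": hashlib.sha256(b"approved nic diagnostic v3").hexdigest(),
            "tools/README.txt": hashlib.sha256(b"readme").hexdigest(),
        }
        return check_media(root, manifest)


if __name__ == "__main__":
    r = demo_media_check()
    for k, v in r.items():
        print(f"{k}: {v}")
    print("approved for use" if media_is_approved(r) else "REJECT media")
```

A manifest check complements rather than replaces an anti-malware scan: it catches files that were never approved (or were altered after approval) regardless of whether a signature exists for them, while the scanner catches known malicious content inside approved-looking files. Run it from a host that is not itself a CUI system, with the media mounted read-only.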
3.7.5 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through an external network.
Authentication techniques used in the establishment of these non-local maintenance and diagnostic sessions reflect the network access requirements previously stated.
3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization.
This requirement applies to individuals performing hardware or software maintenance on organizational systems.
Organizations may choose to issue temporary credentials to these individuals based on organizational risk assessments.
Temporary credentials may be for one-time use or for very limited time periods.
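The two requirements above share one control pattern: a maintenance session is opened only after an MFA step, runs inside a fixed window and is terminated when that window ends (3.7.5), and the person doing the work holds a temporary credential that is single-use or expires quickly (3.7.6). The gate below is an added example, not NIST text or any vendor's API; the class, field and function names, the audit-line wording and the fake clock used in the walk-through are all this example's own assumptions.

```python
"""Added example: gate for non-local maintenance sessions (MFA required, time-boxed,
auto-terminated; 3.7.5) backed by single-use temporary credentials (3.7.6).
Names and structure are this example's own assumptions, not NIST terminology."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional
import hashlib
import hmac
import secrets


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class TempCredential:
    user: str
    token_hash: str          # only the hash is stored; the token is handed over once
    expires_at: datetime
    single_use: bool
    used: bool = False


@dataclass
class MaintenanceSession:
    user: str
    started_at: datetime
    ends_at: datetime
    active: bool = True


class MaintenanceGate:
    """now_fn is injected so expiry behaviour can be exercised with a fake clock."""

    def __init__(self, now_fn: Callable[[], datetime]):
        self.now = now_fn
        self.credentials: Dict[str, TempCredential] = {}
        self.sessions: List[MaintenanceSession] = []
        self.audit: List[str] = []

    def issue_temp_credential(self, user: str, ttl: timedelta, single_use: bool = True) -> str:
        token = secrets.token_urlsafe(32)
        self.credentials[user] = TempCredential(user, _digest(token), self.now() + ttl, single_use)
        return token

    def open_session(self, user: str, token: str, mfa_verified: bool,
                     window: timedelta) -> Optional[MaintenanceSession]:
        now = self.now()
        cred = self.credentials.get(user)
        if cred is None or not hmac.compare_digest(_digest(token), cred.token_hash):
            self.audit.append(f"denied {user}: unknown user or bad credential")
            return None
        if not mfa_verified:
            self.audit.append(f"denied {user}: MFA not completed")
            return None
        if now >= cred.expires_at or (cred.single_use and cred.used):
            self.audit.append(f"denied {user}: temporary credential expired or already used")
            return None
        cred.used = True
        session = MaintenanceSession(user, now, now + window)
        self.sessions.append(session)
        self.audit.append(f"opened session for {user} until {session.ends_at.isoformat()}")
        return session

    def close_session(self, session: MaintenanceSession, reason: str) -> None:
        if session.active:
            session.active = False
            self.audit.append(f"closed session for {session.user}: {reason}")

    def enforce_window(self) -> int:
        """Terminate every active session whose window has elapsed; returns the count closed."""
        closed = 0
        for s in self.sessions:
            if s.active and self.now() >= s.ends_at:
                self.close_session(s, "maintenance window elapsed")
                closed += 1
        return closed


def demo_session_gate() -> dict:
    """Constructed walk-through on a fake clock; returns the observed outcomes."""
    clock = {"t": datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)}
    gate = MaintenanceGate(lambda: clock["t"])
    token = gate.issue_temp_credential("vendor-tech", ttl=timedelta(hours=4))
    two_hours = timedelta(hours=2)
    no_mfa = gate.open_session("vendor-tech", token, mfa_verified=False, window=two_hours)
    session = gate.open_session("vendor-tech", token, mfa_verified=True, window=two_hours)
    reuse = gate.open_session("vendor-tech", token, mfa_verified=True, window=two_hours)
    clock["t"] += timedelta(hours=1)
    closed_early = gate.enforce_window()            # still inside the window: nothing closed
    clock["t"] += timedelta(hours=1, minutes=1)
    closed_late = gate.enforce_window()             # window elapsed: session terminated
    return {"no_mfa_denied": no_mfa is None, "opened": session is not None,
            "reuse_denied": reuse is None, "closed_early": closed_early,
            "closed_late": closed_late,
            "session_active": session.active if session else None, "audit": gate.audit}


if __name__ == "__main__":
    for line in demo_session_gate()["audit"]:
        print(line)
```

In a real deployment `mfa_verified` would be the result of the identity provider's MFA assertion for this login, `enforce_window` would run on a timer and also tear down the VPN or remote-desktop connection itself, and the audit list would go to the logging pipeline so the supervision required by 3.7.6 has a record to review.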