Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
MA-3
Maintenance tools
The organization approves,
controls, and monitors the use of
information system maintenance
tools and maintains the tools on
an ongoing basis.
MA-4
Remote maintenance
The organization authorizes,
monitors, and controls any
remotely executed maintenance
and diagnostic activities, if
employed.
MA-5
Maintenance
personnel
The organization allows only
authorized personnel to perform
maintenance on the information
system.
MA-6
Timely maintenance
The organization obtains
maintenance support and spare
parts for [assignment:
organization-defined list of key
information system components]
within [assignment: organization-
defined time period] of failure.
Mp
Media protection
MP-1
Media protection
policy and
procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented media protection
policy that addresses purpose,
scope, roles, responsibilities,
management commitment,
coordination among
organizational entities, and
compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the media protection policy and
associated media protection
controls.
MP-2
Media access
The organization restricts access to
information system media to
authorized individuals.
