MA-05 Maintenance Personnel

Control: The organization allows only authorized personnel to perform maintenance on the information system.

Supplemental Guidance: Maintenance personnel (whether performing maintenance locally or remotely) have appropriate access authorizations to the information system when maintenance activities allow access to organizational information or could result in a future compromise of confidentiality, integrity, or availability. When maintenance personnel do not have needed access authorizations, organizational personnel with appropriate access authorizations supervise maintenance personnel during the performance of maintenance activities on the information system.

Control Enhancements: (0) None.

Baseline: LOW: MA-5; MOD: MA-5; HIGH: MA-5

Family: Maintenance

Class: Operational

ISO 17799 mapping: 6.2.3, 9.2.4

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 8.5.6