Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through an external network. The authentication techniques employed in the establishment of these nonlocal maintenance and diagnostic sessions reflect the network access requirements in 3.5.3. 

Priority: High   

Category: Network Security 

Services Associated with AWS:  

  • AWS Identity and Access Management (IAM), AWS Multi-Factor Authentication (MFA) 

Objective Evidence:   

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how IT Asset Management (ITAM) is implemented
  • Administrative: supporting documentation to demonstrate how Multi-Factor Authentication (MFA) is implemented
  • Technical: screenshot of MFA settings 

Possible Technology Considerations:

  • Multi-Factor Authentication (MFA)
  • Remote Access Solution 

What needs to be answered:

Does all remote access to a system for maintenance or diagnostics occur via an approved remote solution using multifactor authentication? Does the system require multifactor authentication for remote access? Are all sessions and remote connections terminated when remote maintenance is completed? 

  • Multifactor Authentication for Nonlocal Maintenance Sessions
    Description: This check ensures that organizations require multifactor authentication for establishing nonlocal maintenance sessions via external network connections. It also ensures that such sessions are terminated when nonlocal maintenance is complete. The use of multifactor authentication enhances the security of nonlocal maintenance activities by requiring multiple factors to authenticate the individuals accessing the systems.

More Details: 

IT staff are required to use multi-factor authentication prior to conducting system maintenance.