This is a potential security issue, you are being redirected to https://nvd.nist.gov
Search & Statistics
CVSS V3 Calculator
CVSS V2 Calculator
Checklist (NCP) Repository
SCAP Validated Tools
Security and Privacy Controls for Federal Information Systems and Organizations
Revision 4 Statements
This control addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools can include hardware, software, and firmware items. Maintenance tools are potential vehicles for transporting malicious code, either intentionally or unintentionally, into a facility and subsequently into organizational information systems. Maintenance tools can include, for example, hardware/software diagnostic test equipment and hardware/software packet sniffers. This control does not cover hardware/software components that may support information system maintenance, yet are a part of the system, for example, the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch.
Related to: MA-2, MA-5, MP-6
Verifying that there is no organizational information contained on the equipment;
Sanitizing or destroying the equipment;
Retaining the equipment within the facility; or
Obtaining an exemption from [Assignment: organization-defined personnel or roles] explicitly authorizing removal of the equipment from the facility.