Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Description

This lesson covers Domain 9, which is system maintenance. This lesson covers basic security requirements 3.7.1 and 3.7.2.

Video Transcription

00:04
Now the main nine is maintenance maintaining our systems. So our basic security requirements perform maintenance on organizational information systems. So when we think about maintenance, what sorts of things do we think about? We wanna think about being very proactive
00:23
in our maintenance.
00:25
You know, if I'm ah mechanic on a plane, I don't want to wait till there's a problem to think about. We should have manipulated this function or if I'm driving down the road, I don't wait until, uh, my engine overheats. Toe add cooler, right. We would be very proactive. So when we talk about maintenance, we
00:45
in order to determine
00:47
ah, what maintenance is needed. In many instances, we think about things like monitoring performance, making sure that were consistent with their baseline configuration, patching the system, monitoring those patches, documenting there's patches, any sort of thing that we need to do
01:06
to maintain that
01:07
Baseline day today. Performance and security expectation that we have. So we're gonna have to monitor risks. We're gonna have to stay. Ah, breast of current events is for us. The threat landscape goes, and we're gonna have to be very proactive. So we're gonna perform maintenance on our systems
01:26
Ah, and provide effective controls on the tools, techniques, mechanisms
01:30
and personnel used to conduct information system maintenance. And essentially the whole point there is we have to limit who can maintain these systems, who can update thesis systems, who can monitor who has access to the audit logs.
01:47
This is very much an administrative function. And if I can install software, if I can access tools, if I can access the audit, well, perhaps I can delete entries.
01:57
So we want to make sure that we perform maintenance. But we also wanna lock down who can perform that maintenance and who has access to the tools and the other elements responsible to do so.

Up Next

NIST 800-171 Controlled Unclassified Information Course

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor