Maintenance Derived

Video Activity

This lesson covers the derived security requirements for maintenance and discusses the following: 3.7.3, 3.7.4, 3.7.5, and 3.7.6.


1 hour 27 minutes

Video Transcription
Okay, so in looking at the derived security requirements for maintenance, we're going to make sure that any equipment that is sent away to be maintained, if it's sent offsite, we're gonna make sure that we sanitize the media as necessary. If there is controlled unclassified information on there, we need to wipe that before sending the system out of our control, making sure that our diagnostic and our test programs have no malicious code before we install or before we use that application in their process. You know, many of the applications, many little toolkits that are out there, you know, can't be trusted. The next greatest, latest thing should still go through a process of testing and evaluation before installing on the system.

We're gonna make sure that multi-factor authentication is required for non-local maintenance sessions. So if you're not physically there at the system, you're remoting in and performing some maintenance tasks, we want to get a better guarantee of who you are. So when we talk about multi-factor authentication, there are really three elements, and this goes back to the authentication requirements. There's something you know, something you have, and something you are. So when we talk about multi-factor, I'm gonna ask you to provide two items, or items from at least two of those categories, right? So multi-factor authentication is gonna get me that assurance that this non-local entity really has a legitimate cause.

All right. The maintenance activities of maintenance personnel should be supervised and, honestly, with or without required access authentication. You know, any time maintenance is happening on a system, that can really open up a vulnerability. You know, a software patch can cause as many problems as it fixes. And that's not even a malicious software patch. So we're always gonna oversee the maintenance process.
Up Next
NIST 800-171 Controlled Unclassified Information Course

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.
