Okay, So in looking at the derives security requirements for maintenance, we're going to make sure that any equipment that is sent away to be maintained if it's sent offsite, we're gonna make sure that we sanitize the media as necessary. If there is controlled unclassified information on there,
we need to wipe that before sending
thesis system out of our control,
making sure that our diagnostic and our test programs have no malicious code before we install or before we use that application in their process. You know, many of the applications many little two kids that are out there,
you know, can't be trusted. The next greatest latest thing
should still go through a process of testing and evaluation before involved installing on the system.
We're gonna make sure that multi factor authentication is required for non local maintenance. Cecil recessions. So if you're not physically there at the system your remote ing in and performing some maintenance tasks, we want to get a better guarantee off who you are.
So when we talk about multi factor authentication, they're really three elements, and this goes back to the authentication requirements.
There's something you know, something you have in something you are. So when we talk about multi factor, I'm gonna ask you to provide two items or items
from ATT least two of those categories, right? So multi factor authentication is gonna get me that assurance that this non local entity
really has a legitimate calls. All right. The maintenance activities of maintenance personnel should be supervised and honestly, with or without required access authentication. You know, any time maintenance is happening on a system that can really open up a vulnerability,
you know, a software patch can cause as many problems as it fixes.
And that's not even a malicious software patch. So we're always gonna oversee the maintenance process.