Part 3 - Maintenance Derived

Video Activity

• This lesson covers the derived security requirements of maintenance and covers: • 3.7.3 • 3.7.4 • 3.7.5 • 3.7.6

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

1 hour 27 minutes
Video Description

• This lesson covers the derived security requirements of maintenance and covers: • 3.7.3 • 3.7.4 • 3.7.5 • 3.7.6

Video Transcription
Okay, So in looking at the derive security requirements for maintenance, we're going to make sure that any equipment that is sent away to be maintained if it's sent offsite, we're gonna make sure that we sanitize the media
as necessary. If there is controlled unclassified information on there, we need to wipe that before sending
thesis system out of our control.
Um, making sure that our diagnostic and our test programs have no malicious code before we install or before we use that application in their process. You know, many of the applications many little two kids that are out there,
you know, can't be trusted. The next greatest latest thing
should still go through our process of testing and evaluation before involved installing on the system.
We're gonna make sure that multi factor authentication is required for non local maintenance Sesto recessions. So if you're not physically there at the system, your remote ing in and performing some maintenance tasks, we want to get a better guarantee off who you are.
So when we talk about multi factor authentication, they're really three elements, and this goes back to the authentication requirements.
There's something you know, something you have in something you are. So when we talk about multi factor, I'm gonna ask you to provide two items or items
from ATT least two of those categories, right? So multi factor authentication is gonna get me that assurance that this non local entity
really has a legitimate calls. All right. The maintenance activities of maintenance personnel should be supervised and honestly, with or without required access authentication. You know, any time maintenance is happening on a system that can really open up a vulnerability,
you know, a software patch can cause as many problems as it fixes.
And that's not even a malicious software patch. So we're always gonna oversee the maintenance process.
Up Next