Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Description

This lesson covers the derived security requirements of maintenance and covers:
• 3.7.3
• 3.7.4
• 3.7.5
• 3.7.6

Video Transcription

00:04
Okay, so in looking at the derived security requirements for maintenance, we're going to make sure that any equipment that is sent away to be maintained if it's sent offsite, we're gonna make sure that we sanitize the media
00:19
as necessary. If there is controlled unclassified information on there, we need to wipe that before sending
00:25
the system out of our control.
00:28
Um, making sure that our diagnostic and our test programs have no malicious code before we install or before we use that application in their process. You know, many of the applications, many little toolkits that are out there,
00:46
you know, can't be trusted. The next greatest latest thing
00:50
should still go through our process of testing and evaluation before installing on the system.
00:57
We're gonna make sure that multi-factor authentication is required for non-local maintenance sessions. So if you're not physically there at the system, you're remoting in and performing some maintenance tasks, we want to get a better guarantee of who you are.
01:17
So when we talk about multi-factor authentication, there are really three elements, and this goes back to the authentication requirements.
01:23
There's something you know, something you have, and something you are. So when we talk about multi-factor, I'm gonna ask you to provide two items, or items
01:34
from at least two of those categories, right? So multi-factor authentication is gonna get me that assurance that this non-local entity
01:44
really has a legitimate cause. All right. The maintenance activities of maintenance personnel should be supervised and honestly, with or without required access authentication. You know, any time maintenance is happening on a system that can really open up a vulnerability,
02:01
you know, a software patch can cause as many problems as it fixes.
02:07
And that's not even a malicious software patch. So we're always gonna oversee the maintenance process.

NIST 800-171 Controlled Unclassified Information Course

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.

Instructed By

Kelly Handerhan
Senior Instructor