Description
The organization allows only authorized personnel to perform maintenance on the information system.
Supplemental Guidance
Maintenance personnel (whether performing maintenance locally or remotely) have appropriate access authorizations to the information system when maintenance activities allow access to organizational information or could result in a future compromise of confidentiality, integrity, or availability. When maintenance personnel do not have needed access authorizations, organizational personnel with appropriate access authorizations supervise maintenance personnel during the performance of maintenance activities on the information system.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.7.13
ISO 27002:2022
7.13
COBIT 2019
DSS01
ANSSI
Hygiene.15, Hygiene.7, SecNumCloud.8.1
FINMA Circular 2023/1
IV.A(28), IV.F(100), V(101)
OSFI B-13
B-13.2.3, B-13.4.1
EU GDPR
Art.28(3)(b), Art.32(4)
EU DORA
Art.28(5)
BIO2
7.13
RBI CSF
Annex1.7, Annex1.11
FISC Security Guidelines
FISC.F3
MLPS 2.0
8.1.10.2
DNB Good Practice
DNB.18.2
CBE CSF
CTO-10
CBN CSF
Part3.3
CPMI-IOSCO PFMI
PFMI.P17
HIPAA Security Rule
§164.310(a)(2)(iv)
ECB CROE
CROE.2.3.4
EBA ICT Guidelines
3.5(a)
SEBI CSCRF
PR.MA
BOT Cyber Resilience
Ch10.1
CMMC 2.0
MA
10 CFR 73.54
RG5.71-B-MA
ISO 27799
11.2
ISO 17799 (legacy)
6.2.3, 9.2.4
COBIT 4.1 (legacy)
None.