Description
The organization allows only authorized personnel to perform maintenance on the information system.\n
Supplemental Guidance
Maintenance personnel (whether performing maintenance locally or remotely) have appropriate access authorizations to the information system when maintenance activities allow access to organizational information or could result in a future compromise of confidentiality, integrity, or availability. When maintenance personnel do not have needed access authorizations, organizational personnel with appropriate access authorizations supervise maintenance personnel during the performance of maintenance activities on the information system.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 17799 (legacy)
6.2.39.2.4
COBIT 4.1 (legacy)
None.