800-53|MA-4

Title

NONLOCAL MAINTENANCE

Description

The organization:

Supplemental

Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection. Authentication techniques used in the establishment of nonlocal maintenance and diagnostic sessions reflect the network access requirements in IA-2. Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Enforcing requirements in MA-4 is accomplished in part by other controls.

Reference Item Details

Related: AC-17,AC-2,AC-3,AC-6,AU-2,AU-3,IA-2,IA-4,IA-5,IA-8,MA-2,MA-5,MP-6,PL-2,SC-10,SC-17,SC-7

Category: MAINTENANCE

Family: MAINTENANCE

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.2 Ensure that the --token-auth-file parameter is not set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.3 Ensure that the --DenyServiceExternalIPs is not set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.3 Ensure that the --DenyServiceExternalIPs is not set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
3.1.3.3 daemon | Unix | CIS IBM AIX 7.1 L1 v2.0.0
3.6.2.1 OpenSSH - Installation | Unix | CIS IBM AIX 7.1 L1 v2.0.0
4.1.3.10 Ensure use of privileged commands is collected | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EACCES 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EACCES 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EPERM 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EPERM 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EACCES 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EACCES 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EPERM 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EPERM 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EACCES 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EACCES 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EPERM 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EPERM 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - openat EACCES 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - openat EACCES 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - openat EPERM 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - openat EPERM 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - truncate EACCES 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - truncate EACCES 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - truncate EPERM 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - truncate EPERM 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - faillock | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - lastlog | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.15 Ensure all uses of the passwd command are audited. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.16 Ensure auditing of the unix_chkpwd command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.17 Ensure audit of the gpasswd command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.18 Ensure audit all uses of chage | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.19 Ensure audit all uses of the chsh command. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.20 Ensure audit the umount command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.21 Ensure audit of postdrop command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.22 Ensure audit of postqueue command. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.23 Ensure audit ssh-keysign command. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.24 Ensure audit of crontab command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.26 Ensure audit of the rmdir syscall - 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.26 Ensure audit of the rmdir syscall - 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.27 Ensure audit of unlink syscall - 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.27 Ensure audit of unlink syscall - 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.28 Ensure audit unlinkat syscall - 32 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.28 Ensure audit unlinkat syscall - 64 bit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.33 Ensure audit of semanage command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.34 Ensure audit of the setsebool command. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.35 Ensure audit of the chcon command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.36 Ensure audit of the userhelper command | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG