NIST CSF: PR.MA-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
MA-4: Nonlocal Maintenance

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Monitoring and review of supplier services (15.2.1)
    ISO 27001:2013
  • Information security policy for supplier relationships (15.1.1)
    ISO 27001:2013
  • Equipment maintenance (11.2.4)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Authenticate all remote users at the appropriate level (4.3.3.6.5)
    ISA/IEC 62443-2-1:2009
  • Disable access account after failed remote login attempts (4.3.3.6.7)
    ISA/IEC 62443-2-1:2009
  • Develop a policy for remote login and connections (4.3.3.6.6)
    ISA/IEC 62443-2-1:2009
  • Require re-authentication after remote system inactivity (4.3.3.6.8)
    ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
B2.b Device Management You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function.
B2.c Privileged User Management You closely manage privileged user access to networks and information systems supporting the essential function.
B2.d Identity and Access Management (IdAM) You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.
B2.a Identity Verification, Authentication and Authorisation You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
A4.a Supply Chain The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.