NIST CSF: PR.MA-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
MA-4: Nonlocal Maintenance

Showing 1 to 1 of 1 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Monitoring and review of supplier services (15.2.1)
ISO 27001:2013
Information security policy for supplier relationships (15.1.1)
ISO 27001:2013
Equipment maintenance (11.2.4)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Authenticate all remote users at the appropriate level (4.3.3.6.5)
ISA/IEC 62443-2-1:2009
Disable access account after failed remote login attempts (4.3.3.6.7)
ISA/IEC 62443-2-1:2009
Develop a policy for remote login and connections (4.3.3.6.6)
ISA/IEC 62443-2-1:2009
Require re-authentication after remote system inactivity (4.3.3.6.8)
ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B2.b	Device Management	You fully know and have trust in the devices that are used to access your networks, information systems and data that support your essential function.
B2.c	Privileged User Management	You closely manage privileged user access to networks and information systems supporting the essential function.
B2.d	Identity and Access Management (IdAM)	You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.
B2.a	Identity Verification, Authentication and Authorisation	You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
A4.a	Supply Chain	The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.

Showing 1 to 5 of 5 entries

NIST CSF: PR.MA-2 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Monitoring and review of supplier services (15.2.1)

Information security policy for supplier relationships (15.1.1)

Equipment maintenance (11.2.4)

Related ISA/IEC 62443 Controls

Authenticate all remote users at the appropriate level (4.3.3.6.5)

Disable access account after failed remote login attempts (4.3.3.6.7)

Develop a policy for remote login and connections (4.3.3.6.6)

Require re-authentication after remote system inactivity (4.3.3.6.8)

CSF Mapped to the NCSC CAF