NIST 800-53 Rev 5
424 controls available
MA-4lowmoderatehigh
Nonlocal Maintenance
Maintenance
Control Statement
Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session and network connections when nonlocal maintenance is completed.
Discussion
Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Local maintenance and diagnostic activities are carried out by individuals who are physically present at the system location and not communicating across a network connection. Authentication techniques used to establish nonlocal maintenance and diagnostic sessions reflect the network access requirements in [IA-2](#ia-2) . Strong authentication requires authenticators that are resistant to replay attacks and employ multi-factor authentication. Strong authenticators include PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Enforcing requirements in [MA-4](#ma-4) is accomplished, in part, by other controls. [SP 800-63B](#e59c5a7c-8b1f-49ca-8de0-6ee0882180ce) provides additional guidance on strong authentication and authenticators.
- Framework
- NIST SP 800-53 Rev 5
- Family
- Maintenance
- Baselines
- low, moderate, high
Related Frameworks
9 paths across 2 frameworks
Related Frameworks
NIST 800-1711 mapping
3.7.5
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI8 mappings
CCI-000873
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000874
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000876
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000877
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000878
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000879
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004190
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004191
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
108 STIGs reach this control through 27 CCIs. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Desktop
3 STIGs
Operating System — Desktop
3 STIGsMicrosoft Windows 10 Security Technical Implementation Guide
32025-02-255 of 261 findings match
H2M3
Microsoft Windows 11 Security Technical Implementation Guide
V2R72026-02-125 of 262 findings match
H2M3
Microsoft Windows 11 Security Technical Implementation Guide
22025-05-155 of 258 findings match
H2M3
Operating System — Server
38 STIGs
Operating System — Server
38 STIGsCloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V1R62026-02-275 of 439 findings match
H3M2
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
12025-05-225 of 445 findings match
H1M4
General Purpose Operating System Security Requirements Guide
32024-12-045 of 198 findings match
H3M2
General Purpose Operating System Security Requirements Guide
V3R32025-09-225 of 203 findings match
H3M2
Microsoft Windows Server 2019 Security Technical Implementation Guide
32025-05-235 of 275 findings match
H2M3
Microsoft Windows Server 2019 Security Technical Implementation Guide
V3R82026-02-125 of 282 findings match
H2M3
Microsoft Windows Server 2022 Security Technical Implementation Guide
22025-05-155 of 275 findings match
H2M3
Microsoft Windows Server 2022 Security Technical Implementation Guide
V2R82026-02-135 of 282 findings match
H2M3
Show 30 more STIGs in this category →Hide additional STIGs
Microsoft Windows Server 2025 Security Technical Implementation Guide
V1R12026-02-205 of 284 findings match
H2M3
Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V1R12026-03-115 of 434 findings match
H4M1
Oracle Linux 7 Security Technical Implementation Guide
32025-05-083 of 243 findings match
M3
Oracle Linux 9 Security Technical Implementation Guide
12025-05-083 of 456 findings match
H1M2
Oracle Linux 9 Security Technical Implementation Guide
V1R52026-02-173 of 448 findings match
H1M2
Amazon Linux 2023 Security Technical Implementation Guide
V1R32026-02-272 of 187 findings match
H1M1
Anduril NixOS Security Technical Implementation Guide
V1R22025-08-192 of 103 findings match
H2
Anduril NixOS Security Technical Implementation Guide
12024-10-252 of 104 findings match
H2
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V1R52026-02-062 of 194 findings match
M2
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
12025-05-162 of 194 findings match
M2
HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide
V2R12021-11-232 of 19 findings match
H1M1
Oracle Linux 8 Security Technical Implementation Guide
22025-05-132 of 374 findings match
M2
Oracle Linux 8 Security Technical Implementation Guide
V2R82026-02-132 of 375 findings match
H2
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V1R42026-02-102 of 208 findings match
H1M1
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
12025-05-082 of 210 findings match
H1M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V2R52026-02-192 of 226 findings match
H1M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
22025-05-082 of 226 findings match
M2
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
22025-05-161 of 172 findings match
M1
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V2R82026-02-061 of 188 findings match
M1
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
22025-05-161 of 187 findings match
M1
HPE 3PAR SSMC Operating System Security Technical Implementation Guide
V2R12024-08-271 of 14 findings match
M1
IBM AIX 7.x Security Technical Implementation Guide
V3R22026-02-061 of 283 findings match
H1
IBM AIX 7.x Security Technical Implementation Guide
32024-08-161 of 283 findings match
H1
Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
22025-02-251 of 83 findings match
M1
Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide
V2R42026-02-231 of 81 findings match
M1
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
22025-05-141 of 450 findings match
H1
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V2R82026-02-051 of 446 findings match
H1
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
32025-05-141 of 211 findings match
M1
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide
V2R72026-02-191 of 214 findings match
M1
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide
22025-05-141 of 216 findings match
M1
Operating System — Mainframe
2 STIGs
Operating System — Mainframe
2 STIGsMainframe Product Security Requirements Guide
V3R42025-09-105 of 194 findings match
M5
Mainframe Product Security Requirements Guide
32024-12-055 of 193 findings match
M5
Network Device
45 STIGs
Network Device
45 STIGsJuniper SRX Services Gateway NDM Security Technical Implementation Guide
V3R32024-12-205 of 68 findings match
H4M1
Cisco ISE NDM Security Technical Implementation Guide
V2R32025-12-113 of 53 findings match
H2M1
Cisco ISE NDM Security Technical Implementation Guide
22024-09-103 of 53 findings match
H2M1
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V1R52025-11-193 of 60 findings match
H2M1
Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
12023-06-013 of 60 findings match
H2M1
Network Device Management Security Requirements Guide
V5R32025-02-113 of 104 findings match
H2M1
Network Device Management Security Requirements Guide
V5R42025-09-103 of 105 findings match
H2M1
Cisco ASA NDM Security Technical Implementation Guide
V2R42025-12-082 of 47 findings match
H2
Show 37 more STIGs in this category →Hide additional STIGs
Cisco ASA NDM Security Technical Implementation Guide
22025-05-192 of 47 findings match
H2
Cisco IOS Router NDM Security Technical Implementation Guide
V3R72026-02-252 of 43 findings match
H2
Cisco IOS Router NDM Security Technical Implementation Guide
32025-05-192 of 43 findings match
H2
Cisco IOS Switch NDM Security Technical Implementation Guide
V3R72026-02-252 of 43 findings match
H2
Cisco IOS Switch NDM Security Technical Implementation Guide
32025-05-192 of 43 findings match
H2
Cisco IOS XE Router NDM Security Technical Implementation Guide
V3R72026-02-112 of 42 findings match
H2
Cisco IOS XE Router NDM Security Technical Implementation Guide
32025-05-162 of 42 findings match
H2
Cisco IOS XE Switch NDM Security Technical Implementation Guide
V3R62026-03-042 of 42 findings match
H2
Cisco IOS XE Switch NDM Security Technical Implementation Guide
32025-05-192 of 42 findings match
H2
Cisco IOS XR Router NDM Security Technical Implementation Guide
32025-05-192 of 27 findings match
H2
Cisco IOS XR Router NDM Security Technical Implementation Guide
V3R62026-02-262 of 27 findings match
H2
Cisco NX OS Switch NDM Security Technical Implementation Guide
V3R22024-09-102 of 42 findings match
H2
Cisco NX OS Switch NDM Security Technical Implementation Guide
32025-05-192 of 42 findings match
H2
Dell OS10 Switch NDM Security Technical Implementation Guide
V1R12024-12-112 of 39 findings match
H2
Domain Name System (DNS) Security Requirements Guide
V4R22025-12-192 of 119 findings match
M2
Domain Name System (DNS) Security Requirements Guide
42024-07-022 of 118 findings match
M2
HP FlexFabric Switch NDM Security Technical Implementation Guide
V1R42025-06-122 of 79 findings match
M2
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
V2R42025-12-102 of 56 findings match
H2
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
22025-03-072 of 56 findings match
H2
Juniper Router NDM Security Technical Implementation Guide
V3R22024-12-052 of 49 findings match
H2
Palo Alto Networks NDM Security Technical Implementation Guide
V3R32025-03-122 of 34 findings match
H1M1
Symantec ProxySG NDM Security Technical Implementation Guide
V1R22019-12-202 of 32 findings match
H2
Arista MLS EOS 4.X NDM Security Technical Implementation Guide
V2R22025-02-201 of 21 findings match
H1
F5 NGINX Security Technical Implementation Guide
V1R12026-01-071 of 32 findings match
M1
HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide
V1R12026-03-031 of 19 findings match
M1
IBM DataPower Network Device Management Security Technical Implementation Guide
V1R22017-10-051 of 64 findings match
M1
Infoblox 7.x DNS Security Technical Implementation Guide
22020-12-101 of 67 findings match
M1
Infoblox 8.x DNS Security Technical Implementation Guide
V1R22025-03-111 of 71 findings match
M1
Ivanti Connect Secure NDM Security Technical Implementation Guide
V2R32025-09-091 of 29 findings match
H1
Ivanti Connect Secure NDM Security Technical Implementation Guide
22024-09-161 of 29 findings match
H1
Network WLAN AP-IG Management Security Technical Implementation Guide
V7R22023-09-131 of 19 findings match
H1
Network WLAN AP-NIPR Management Security Technical Implementation Guide
V7R22023-09-131 of 18 findings match
H1
Network WLAN Bridge Management Security Technical Implementation Guide
V7R22023-09-131 of 18 findings match
H1
Network WLAN Controller Management Security Technical Implementation Guide
V7R22023-09-181 of 18 findings match
H1
Riverbed NetIM OS Security Technical Implementation Guide
V1R12025-10-021 of 154 findings match
H1
SEL-2740S NDM Security Technical Implementation Guide
V1R12019-05-061 of 13 findings match
H1
Trend Micro TippingPoint NDM Security Technical Implementation Guide
V2R32025-03-101 of 30 findings match
H1
Database
2 STIGs
Database
2 STIGsDatabase Security Requirements Guide
V4R52026-02-261 of 142 findings match
M1
Database Security Requirements Guide
42024-12-041 of 142 findings match
M1
Web / Application Server
6 STIGs
Web / Application Server
6 STIGsApplication Security and Development Security Technical Implementation Guide
62025-02-126 of 286 findings match
M6
Application Security and Development Security Technical Implementation Guide
V6R42025-09-096 of 286 findings match
M6
Application Server Security Requirements Guide
V4R42025-09-101 of 137 findings match
M1
Application Server Security Requirements Guide
42025-02-111 of 128 findings match
M1
Web Server Security Requirements Guide
V4R42025-09-101 of 126 findings match
M1
Web Server Security Requirements Guide
42025-02-121 of 124 findings match
M1
Virtualization / Container
6 STIGs
Virtualization / Container
6 STIGsContainer Platform Security Requirements Guide
V2R42025-09-105 of 188 findings match
M5
Container Platform Security Requirements Guide
22025-05-155 of 187 findings match
M5
Nutanix Acropolis GPOS Security Technical Implementation Guide
V1R12026-02-243 of 106 findings match
H2M1
Virtual Machine Manager Security Requirements Guide
22024-12-061 of 193 findings match
M1
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match
M1
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V1R12023-10-291 of 104 findings match
M1
Endpoint Security Management
6 STIGs
Endpoint Security Management
6 STIGsHYCU Protege Security Technical Implementation Guide
V1R22026-03-042 of 55 findings match
H2
HYCU Protege Security Technical Implementation Guide
12024-10-292 of 55 findings match
H2
Unified Endpoint Management Server Security Requirements Guide
22024-12-092 of 137 findings match
H1M1
Unified Endpoint Management Server Security Requirements Guide
V2R42025-09-102 of 138 findings match
H1M1
Ivanti EPMM Server Security Technical Implementation Guide
V3R12024-07-301 of 26 findings match
H1
Ivanti Sentry 9.x NDM Security Technical Implementation Guide
V3R12024-09-251 of 26 findings match
H1