{ "$TMF_VERSION": "1.4", "PublicationDateTime": "2021-04-26T00:00:00.000Z", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control MA-2: Controlled Maintenance. Applicable to LOW impact, MODERATE impact, and HIGH impact systems.", "Keywords": [ "800-53", "Controlled Maintenance", "High", "Low", "Maintenance", "Moderate", "NIST", "P2", "Security" ], "Issuer": { "Identifier": "https://trustmarkinitiative.org/", "PrimaryContact": { "Email": "help@trustmarkinitiative.org", "Telephone": "555-555-5555", "Kind": "PRIMARY", "WebsiteURL": "https://trustmarkinitiative.org/", "Responder": "" }, "Name": "TMI" }, "Sources": [{ "Identifier": "SP800-53R4", "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.", "$id": "source-2112165102" }], "Name": "NIST SP 800-53 r4 Security Control MA-2: Controlled Maintenance", "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10", "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-ma-2_-controlled-maintenance/4/", "Version": "4", "References": {"TrustmarkDefinitionRequirements": [ { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/documentation-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for documentation of system maintenance as related to overall maintenance requirements.", "Number": 1, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/documentation-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for documentation of system maintenance as related to overall maintenance requirements.", "Number": 1, "Version": "1.0", "Name": "Documentation of System Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Documentation of System Maintenance", "$id": "TD_ref1" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/approval-of-system-maintenance-activities/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for approval of system maintenance activities as related to overall maintenance requirements.", "Number": 2, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/approval-of-system-maintenance-activities/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for approval of system maintenance activities as related to overall maintenance requirements.", "Number": 2, "Version": "1.0", "Name": "Approval of System Maintenance Activities" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Approval of System Maintenance Activities", "$id": "TD_ref2" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/monitoring-of-system-maintenance-activity/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of system maintenance activity as related to overall maintenance requirements.", "Number": 3, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/monitoring-of-system-maintenance-activity/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of system maintenance activity as related to overall maintenance requirements.", "Number": 3, "Version": "1.0", "Name": "Monitoring of System Maintenance Activity" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Monitoring of System Maintenance Activity", "$id": "TD_ref3" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/removal-of-systems-or-components-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for removal of systems or components for maintenance as related to overall maintenance requirements.", "Number": 4, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/removal-of-systems-or-components-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for removal of systems or components for maintenance as related to overall maintenance requirements.", "Number": 4, "Version": "1.0", "Name": "Removal of Systems or Components for Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Removal of Systems or Components for Maintenance", "$id": "TD_ref4" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/defined-system-maintenance-record-content/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for defined system maintenance record content as related to overall maintenance requirements.", "Number": 5, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/defined-system-maintenance-record-content/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for defined system maintenance record content as related to overall maintenance requirements.", "Number": 5, "Version": "1.0", "Name": "Defined System Maintenance Record Content" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Defined System Maintenance Record Content", "$id": "TD_ref5" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/scheduling-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for scheduling of system maintenance as related to overall maintenance requirements.", "Number": 6, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/scheduling-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for scheduling of system maintenance as related to overall maintenance requirements.", "Number": 6, "Version": "1.0", "Name": "Scheduling of System Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Scheduling of System Maintenance", "$id": "TD_ref6" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/review-of-system-maintenance-records/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for review of system maintenance records as related to overall maintenance requirements.", "Number": 7, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/review-of-system-maintenance-records/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for review of system maintenance records as related to overall maintenance requirements.", "Number": 7, "Version": "1.0", "Name": "Review of System Maintenance Records" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Review of System Maintenance Records", "$id": "TD_ref7" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/performance-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for performance of system maintenance as related to overall maintenance requirements.", "Number": 8, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/performance-of-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for performance of system maintenance as related to overall maintenance requirements.", "Number": 8, "Version": "1.0", "Name": "Performance of System Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Performance of System Maintenance", "$id": "TD_ref8" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/verification-of-security-controls-following-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for verification of security controls following system maintenance as related to overall maintenance requirements.", "Number": 9, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/verification-of-security-controls-following-system-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for verification of security controls following system maintenance as related to overall maintenance requirements.", "Number": 9, "Version": "1.0", "Name": "Verification of Security Controls Following System Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Verification of Security Controls Following System Maintenance", "$id": "TD_ref9" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/sanitization-of-equipment-to-be-removed-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of equipment to be removed for maintenance as related to overall maintenance requirements.", "Number": 10, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/sanitization-of-equipment-to-be-removed-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of equipment to be removed for maintenance as related to overall maintenance requirements.", "Number": 10, "Version": "1.0", "Name": "Sanitization of Equipment to be Removed for Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Sanitization of Equipment to be Removed for Maintenance", "$id": "TD_ref10" } ]}, "Primary": "false", "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.", "$Type": "TrustInteroperabilityProfile" }