Reference: CMMC 2.0
Family: MA
Level Introduced: 2
Title: Nonlocal Maintenance
Practice:
Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
CMMC Clarification:
Nonlocal maintenance activities must use multifactor authentication. Multifactor authentication requires at least two things to prove who the user says he is. One thing can be something you have, such as a device that generates a one-time passcode. Another thing can be something you know, for example, a password or passphrase. Or, another thing can be something specific to you, such as a fingerprint. Requiring two or more things to prove your identity increases the security of the connection. Nonlocal maintenance activities are activities conducted from external network connections. After nonlocal maintenance activities are complete, shut down the external network connection.
Example
You are in charge of conducting maintenance for your organization. You are an employee working remotely. You establish a remote connection to the company's network using the company's VPN solution. When you log on to the remote connection, you must provide a one-time passcode and a token generated by a token device. You need both of these things to prove your identity. After you enter your password and passcode, you have access to the maintenance remote connection. When you finish your activities, you shut down the remote connection.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.