PRMP-1 Maintenance Personnel
Overview
Maintenance is performed only by authorized personnel. The processes for determining authorization and the list of authorized maintenance personnel is documented.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| SENSITIVE PUBLIC | High | Personnel |
Details
| Threat |
|---|
| Refer to PRAS-1. |
| Guidance |
|---|
| This guidance is intended for Information Assurance Managers/Officers or System Administrators tasked with insuring that only those personnel cleared for the level of information processed by the system, and the requisite need to know, are granted access to the system for maintenance purposes: 1. Review the system security documentation to ensure that personnel security is adequately addressed. Only authorized personnel shall perform maintenance on building utilities. 2. Only authorized personnel shall perform maintenance on sensitive agency equipment. 3. Only authorized personnel shall perform maintenance on facility access points. 4. The processes for determining authorization and the lst of authorized maintenance personnel shall be documented. 5. A list of all authorized maintenance personnel shall be documented. |
References
- DoD 5200.1R (Personnel Security Program), January 1997, Appendix 3 (Controlled Unclassified Information)