| This guidance is intended for Information Assurance Managers/Officers or System Administrators tasked with insuring that only those personnel cleared for the level of information processed by the system, and the requisite need to know, are granted access to the system for maintenance purposes: |
1. Refer to guidance for IA control PRMP-1.
2. Except as specifically waivered on a case-by-case basis by the DAA or organizational Security Officer, ensure that all personnel who perform maintenance on classified DoD information systems are cleared to the highest level of information on the system in accordance with DoD personnel security policies by verifying individual clearances and accesses through the organizational security officer.
3. Ensure that system security documentation contains a clearly-stated policy that all cleared personnel who perform maintenance on classified DoD information systems shall require an escort unless they have been authorized access to the computing facility and the DoD information system.
4. Ensure that system security policy states clearly that if uncleared personnel, or personnel with a lower clearance level than that of the system are employed for maintenance purposes, a fully cleared and technically qualified escort shall monitor and record all activities in a maintenance log. The level of detail required in the maintenance log shall be determined by the IAM in accordance with DoD personnel security policies, but should contain, at a minimum, the following information:
a. Name, SSN, position, and company/organization of escorted individual
b. System, node, or network segment on which individual is performing maintenance
c. Security clearance level of the escorted individual
d. Name of escort
e. Start and stop date and times of maintenance work
f. Summary description of maintenance performed
5. Ensure that system security policy mandates that the information system environment is sanitized of all classified material or information prior to entrance of the escorted individual into the workspace.
6. Verify that system security policy mandates that all maintenance personnel comply with DAA requirements for U.S. citizenship, which are explicit for all classified systems.
For further supporting/amplifying information, see: