NIST 800-53 REV 5 • MAINTENANCE
MA-3(1) — Inspect Tools
Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications.
Supplemental Guidance
Maintenance tools can be directly brought into a facility by maintenance personnel or downloaded from a vendor’s website. If, upon inspection of the maintenance tools, organizations determine that the tools have been modified in an improper manner or the tools contain malicious code, the incident is handled consistent with organizational policies and procedures for incident handling.
Practitioner Notes
Before maintenance personnel use their tools on your systems, those tools need to be inspected for unauthorized modifications. A tampered maintenance tool could be used to install backdoors or steal data.
Example 1: Before allowing a vendor technician to connect their laptop or diagnostic tool to your network, have your security team verify the tool against your approved list. Check software versions and look for unauthorized software. Document the inspection in the maintenance record.
Example 2: For internally maintained tools, compute and store cryptographic hashes (SHA-256) of all approved maintenance software. Before each use, recompute the hash and verify that it matches the stored known-good value, for example with PowerShell: Get-FileHash -Algorithm SHA256 tool.exe. Any mismatch triggers an investigation.
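The manifest-based check from Example 2 as a complete PowerShell script. This is an added example, not text from NIST 800-53 or any vendor's tooling; the tool names, the manifest file name and the temp directory are constructed for the demonstration.

```powershell
# Added example: keep a manifest of known-good SHA-256 hashes for approved
# maintenance tools and check every tool against it before use. File names and
# the temp directory below are constructed for the demo.

function New-ToolManifest {
    param([string[]] $Path, [string] $ManifestPath)
    # One line per approved tool: <sha256 lowercase hex>  <file name>
    # Keep the real manifest somewhere maintenance personnel cannot write to.
    Get-FileHash -Algorithm SHA256 -Path $Path |
        ForEach-Object { "$($_.Hash.ToLower())  $(Split-Path -Leaf $_.Path)" } |
        Set-Content -Path $ManifestPath -Encoding ascii
}

function Test-ToolIntegrity {
    param([string] $ManifestPath, [string] $ToolDirectory)
    foreach ($line in Get-Content -Path $ManifestPath) {
        if ($line -match '^([0-9a-f]{64})\s+(.+)$') {
            $expected = $Matches[1]
            $name     = $Matches[2]
            $file     = Join-Path $ToolDirectory $name
            if (Test-Path -LiteralPath $file) {
                $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $file).Hash.ToLower()
                $status = if ($actual -eq $expected) { 'OK' } else { 'MISMATCH' }
            } else {
                $actual = $null; $status = 'MISSING'   # an expected tool is absent
            }
            [pscustomobject]@{ Tool = $name; Status = $status; Expected = $expected; Actual = $actual }
        }
    }
}

# --- Demonstration with constructed files ---------------------------------
$toolDir = Join-Path ([IO.Path]::GetTempPath()) 'ma3-inspect-demo'
New-Item -ItemType Directory -Path $toolDir -Force | Out-Null
Set-Content -Path (Join-Path $toolDir 'diag.exe')  -Value 'approved diagnostic build'  -NoNewline
Set-Content -Path (Join-Path $toolDir 'flash.exe') -Value 'approved firmware flasher' -NoNewline
$manifest = Join-Path $toolDir 'approved-tools.sha256'
New-ToolManifest -Path (Join-Path $toolDir 'diag.exe'), (Join-Path $toolDir 'flash.exe') -ManifestPath $manifest

# Simulate an unauthorized modification made after the manifest was recorded.
Add-Content -Path (Join-Path $toolDir 'flash.exe') -Value 'unexpected extra bytes'

$report = Test-ToolIntegrity -ManifestPath $manifest -ToolDirectory $toolDir
$report | Format-Table -AutoSize      # one row per tool with its inspection status
if ($report.Status -contains 'MISMATCH' -or $report.Status -contains 'MISSING') {
    Write-Warning 'Maintenance tool failed inspection; handle as an incident per MA-3(1).'
    exit 1
}
```

Run it as a saved .ps1 file (the final exit 1 ends an interactive session); the exit code lets a maintenance checklist or ticketing workflow block the session until the investigation is recorded.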