NIST 800-53 REV 5 • MAINTENANCE

MA-3(5) Execution with Privilege

Monitor the use of maintenance tools that execute with increased privilege.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Maintenance tools that execute with increased system privilege can result in unauthorized access to organizational information and assets that would otherwise be inaccessible.

Practitioner Notes

Some maintenance tools run with elevated privileges — administrative rights, kernel access, or root-level permissions. These tools need extra monitoring because misuse could compromise the entire system.

Example 1: Enable command-line auditing and PowerShell script block logging on all systems where maintenance tools with elevated privileges are used. Configure the GPO at Computer Configuration → Administrative Templates → Windows Components → Windows PowerShell → Turn on Script Block Logging.

Example 2: Use a privileged access management (PAM) tool like CyberArk, BeyondTrust, or Azure AD Privileged Identity Management (PIM) to control access to maintenance tools that require admin rights. Require just-in-time activation and record all sessions for review.
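A way to confirm that the logging in Example 1 is actually in place on a host, added here as an illustration and not part of the original page: the script reads the registry values that the Script Block Logging policy and the "Include command line in process creation events" policy write, then counts recent events 4104 and 4688. The 24-hour window and the 1000-event cap are assumptions chosen for the example.

```powershell
# Added example: verify the logging that Example 1 depends on.
# Run elevated; reading the Security log requires administrator rights.

# Registry values written by the two Group Policy settings.
$checks = @(
    @{ Name  = 'PowerShell script block logging'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
       Value = 'EnableScriptBlockLogging' },
    @{ Name  = 'Command line in process creation events'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
       Value = 'ProcessCreationIncludeCmdLine_Enabled' }
)

$results = foreach ($c in $checks) {
    # A missing key or value means the policy is not configured on this host.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $actual = $null
    if ($item) { $actual = $item.($c.Value) }
    $shown  = 'not configured'
    if ($null -ne $actual) { $shown = $actual }
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = $shown
        Enabled = ($actual -eq 1)
    }
}
$results | Format-Table -AutoSize

# A policy value alone proves nothing: confirm events are being written.
# 4688 appears only if the "Audit Process Creation" subcategory is also enabled.
$since   = (Get-Date).AddHours(-24)   # assumed review window
$sources = @(
    @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 },  # script block text
    @{ LogName = 'Security'; Id = 4688 }                                   # process creation
)
foreach ($s in $sources) {
    $filter = @{ LogName = $s.LogName; Id = $s.Id; StartTime = $since }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 1000 -ErrorAction SilentlyContinue)
    '{0} event {1}: {2} in the last 24h (capped at 1000)' -f $s.LogName, $s.Id, $events.Count
}

# Flag the host for follow-up if either policy is off.
if ($results.Enabled -contains $false) {
    Write-Warning 'One or more logging policies required for monitoring privileged maintenance tools are not enabled.'
}
```

A host that shows both policies enabled but zero events in the window is worth a second look, since it can mean the audit subcategory is off or the logs are being cleared or overwritten.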