Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family MA

MA-4Nonlocal Maintenance

Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session and network connections when nonlocal maintenance is completed.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control4,832Approving and monitoring nonlocal maintenance per policy enforces access control over remote diagnostic activities.
CWE-287Improper Authentication4,730Requiring strong authentication for establishing nonlocal maintenance sessions directly mitigates improper authentication.
CWE-306Missing Authentication for Critical Function2,567Mandating authentication for nonlocal maintenance addresses missing authentication for this critical function.
CWE-613Insufficient Session Expiration606Terminating sessions and network connections upon completion prevents insufficient session expiration.
CWE-778Insufficient Logging23Maintaining records of nonlocal maintenance activities ensures logging to support detection of issues.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2026-257752.09.80.0008good
CVE-2025-520892.08.80.0320good
CVE-2026-338921.47.10.0010good
CVE-2025-139141.78.70.0004good
CVE-2026-328381.57.50.0001good

Other controls in family MA

MA-1 MA-2 MA-3 MA-5 MA-6 MA-7