NIST 800-53 REV 5 • MAINTENANCE

MA-3(4) Restricted Tool Use

Restrict the use of maintenance tools to authorized personnel only.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Restricting the use of maintenance tools to only authorized personnel applies to systems that are used to carry out maintenance functions.

Practitioner Notes

Only authorized personnel should be using maintenance tools on your systems. This prevents unauthorized individuals from using diagnostic tools that could access sensitive data or modify system configurations.

Example 1: Lock maintenance tools in a secure cabinet or equipment room. Require sign-out with supervisor approval before tools can be used. Maintain a log of who checked out each tool, when, and for what purpose.

Example 2: For software-based maintenance tools, restrict access using Active Directory security groups. Only members of a 'Maintenance Tools' group can launch diagnostic applications. Configure AppLocker rules to enforce this restriction at the OS level.
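Example 2 as an added PowerShell sketch (not part of the control text or the original notes): it builds AppLocker allow rules for a tool directory scoped to the 'Maintenance Tools' group, then checks the decision for a member and a non-member. The path `C:\MaintTools`, the `CONTOSO` domain and both account names are assumptions.

```powershell
# Assumptions: tool path, domain and account names below are hypothetical.
$toolDir   = 'C:\MaintTools'              # kept outside the default AppLocker allow paths
$group     = 'CONTOSO\Maintenance Tools'  # AD security group named in Example 2
$member    = 'CONTOSO\tech01'             # account that is in the group
$nonMember = 'CONTOSO\jsmith'             # account that is not in the group
$policyXml = Join-Path $env:TEMP 'MaintTools-AppLocker.xml'

Import-Module AppLocker

# AppLocker rules are only evaluated while the Application Identity service runs.
if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
    Write-Warning 'Application Identity service (AppIDSvc) is not running.'
}

# Allow rules for every executable in the tool directory, granted to the group only.
# Publisher rules cover signed binaries; hash rules cover unsigned ones.
$files = Get-AppLockerFileInformation -Directory $toolDir -Recurse -FileType Exe
New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
    -User $group -RuleNamePrefix 'MaintTools' -Optimize -Xml |
    Out-File -FilePath $policyXml

# Dry run against the generated policy before anything is applied:
# the member should be allowed, the non-member should not.
$exePaths = (Get-ChildItem -Path $toolDir -Recurse -Filter *.exe).FullName
foreach ($user in $member, $nonMember) {
    Test-AppLockerPolicy -XmlPolicy $policyXml -Path $exePaths -User $user |
        Select-Object @{ n = 'User'; e = { $user } }, FilePath, PolicyDecision
}

# Apply to the local policy, merging with existing rules. Once the Exe rule
# collection contains any rule, executables matched by no allow rule are blocked,
# so baseline allow rules for the OS and installed software must already exist.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge

# Re-check against the effective policy. A broader allow rule (for example one
# covering the tool directory for Everyone) would show up here as an allow
# decision for the non-member.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $exePaths -User $nonMember |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

In a domain, the same XML would normally be delivered through a Group Policy Object rather than the local policy, and the `MatchingRule` column is the quickest way to see which rule is letting an unexpected account through.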