Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family MA

MA-3Maintenance Tools

Approve, control, and monitor the use of system maintenance tools; and Review previously approved system maintenance tools {{ insert: param, ma-03_odp }}.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (3)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,367Approving, controlling, and monitoring maintenance tool use directly enforces authorization and access restrictions over privileged maintenance functions.
CWE-829Inclusion of Functionality from Untrusted Control Sphere298Requiring approval and monitoring of maintenance tools prevents inclusion and execution of functionality obtained from untrusted sources.
CWE-506Embedded Malicious Code85The approval and review process for maintenance tools can prevent introduction or continued use of tools containing embedded malicious code.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family MA

MA-1 MA-2 MA-4 MA-5 MA-6 MA-7