Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family MA

MA-4Nonlocal Maintenance

Approve and monitor nonlocal maintenance and diagnostic activities; Allow the use of nonlocal maintenance and diagnostic tools only as consistent with organizational policy and documented in the security plan for the system; Employ strong authentication in the establishment of nonlocal maintenance and diagnostic sessions; Maintain records for nonlocal maintenance and diagnostic activities; and Terminate session and network connections when nonlocal maintenance is completed.

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control5,367Approving and monitoring nonlocal maintenance per policy enforces access control over remote diagnostic activities.
CWE-287Improper Authentication4,908Requiring strong authentication for establishing nonlocal maintenance sessions directly mitigates improper authentication.
CWE-306Missing Authentication for Critical Function2,820Mandating authentication for nonlocal maintenance addresses missing authentication for this critical function.
CWE-613Insufficient Session Expiration642Terminating sessions and network connections upon completion prevents insufficient session expiration.
CWE-778Insufficient Logging25Maintaining records of nonlocal maintenance activities ensures logging to support detection of issues.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2026-25775 UPD7.09.80.0040good
CVE-2026-338925.57.10.0021good
CVE-2025-139145.58.70.0028good
CVE-2026-328385.57.50.0014good

Other controls in family MA

MA-1 MA-2 MA-3 MA-5 MA-6 MA-7