Audit assets after maintenance was performed.

Back

CONTROL ID
13657

CONTROL TYPE
Audits and Risk Management

CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Audit the configuration of organizational assets, as necessary., CC ID: 13653

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Following maintenance or repair activities for ICT equipment, the ICT equipment is inspected to confirm it retains its approved software configuration and that no unauthorised modifications have taken place. (Security Control: 1598; Revision: 0, Australian Government Information Security Manual, March 2021)
Following maintenance or repair activities for ICT equipment, the ICT equipment is inspected to confirm it retains its approved software configuration and that no unauthorised modifications have taken place. (Control: ISM-1598; Revision: 0, Australian Government Information Security Manual, June 2023)
Following maintenance or repair activities for ICT equipment, the ICT equipment is inspected to confirm it retains its approved software configuration and that no unauthorised modifications have taken place. (Control: ISM-1598; Revision: 0, Australian Government Information Security Manual, September 2023)
Implement internal control, security and auditability measures during configuration, integration and maintenance of hardware and infrastructural software to protect resources and ensure availability and integrity. Responsibilities for using sensitive infrastructure components should be clearly defin… (AI3.2 Infrastructure Resource Protection and Availability, CobiT, Version 4.1)
The control system shall provide the capability to employ automated mechanisms to support management of security verification during FAT, SAT and scheduled maintenance. (7.5.3.1 ¶ 1, IEC 62443-3-3: Industrial communication networks â Network and system security â Part 3-3: System security requirements and security levels, Edition 1)