An OSCAL Control
Check media containing diagnostic and test programs for malicious code before the media are used in the system.
If, upon inspection of media containing maintenance, diagnostic, and test programs, organizations determine that the media contains malicious code, the incident is handled consistent with organizational incident handling policies and procedures.
media containing diagnostic and test programs are checked for malicious code before the media are used in the system.
Maintenance policy
procedures addressing system maintenance tools
system maintenance tools and associated documentation
maintenance records
system security plan
other relevant documents or records
Organizational personnel with system maintenance responsibilities
organizational personnel with information security responsibilities
Organizational process for inspecting media for malicious code
mechanisms supporting and/or implementing the inspection of media used for maintenance