03.07.05 — (a) Approve and monitor nonlocal maintenance and diagnostic activities. (b) Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. (c) Terminate session and network connections when nonlocal maintenance is completed.
What this control requires
(a) Approve and monitor nonlocal maintenance and diagnostic activities. (b) Implement multi-factor authentication and replay resistance in the establishment of nonlocal maintenance and diagnostic sessions. (c) Terminate session and network connections when nonlocal maintenance is completed.
Source: NIST SP 800-171 R3 §03.07.05 (official control text).
Why this matters
Remote maintenance sessions — whether by IT staff, contractors, or vendors — create privileged pathways into your systems. Without proper controls, an attacker who compromises a technician's laptop or intercepts a session can install backdoors, exfiltrate data, or disable defenses. This control ensures every remote support session is approved, strongly authenticated, auditable, and fully terminated when finished. It prevents lingering connections that become attack vectors and ensures you know who touched what system and when.
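One way to check session records against parts (a), (b) and (c) is sketched below. This is an added example, not part of the control text or of any product; the record fields, ticket IDs, the logged authentication nonce and the 15-minute grace period are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta
# Constructed sample records; field names are assumptions, not a product schema.
APPROVALS = {
    "CHG-1001": {"user": "vendor.amy", "host": "hmi-01",
                 "start": "2025-03-01T09:00", "end": "2025-03-01T11:00"},
    "CHG-1002": {"user": "it.bob", "host": "db-02",
                 "start": "2025-03-01T13:00", "end": "2025-03-01T14:00"},
}
SESSIONS = [
    {"id": "s1", "user": "vendor.amy", "host": "hmi-01", "ticket": "CHG-1001",
     "mfa": True, "nonce": "n-01", "start": "2025-03-01T09:05", "end": "2025-03-01T10:40"},
    {"id": "s2", "user": "it.bob", "host": "db-02", "ticket": "CHG-1002",
     "mfa": False, "nonce": "n-02", "start": "2025-03-01T13:05", "end": "2025-03-01T13:30"},
    {"id": "s3", "user": "vendor.amy", "host": "db-02", "ticket": None,
     "mfa": True, "nonce": "n-01", "start": "2025-03-01T15:00", "end": "2025-03-01T15:20"},
    {"id": "s4", "user": "it.bob", "host": "db-02", "ticket": "CHG-1002",
     "mfa": True, "nonce": "n-04", "start": "2025-03-01T13:40", "end": None},
]

def ts(value):
    return datetime.fromisoformat(value)

def audit(sessions, approvals, now, grace=timedelta(minutes=15)):
    """Return {session id: [findings]} for the three parts of 03.07.05."""
    findings, seen_nonces = {}, set()
    for s in sorted(sessions, key=lambda r: r["start"]):
        issues = []
        appr = approvals.get(s["ticket"])
        # (a) approved: ticket exists, matches user and host, session began in window
        if (appr is None or (appr["user"], appr["host"]) != (s["user"], s["host"])
                or not ts(appr["start"]) <= ts(s["start"]) <= ts(appr["end"])):
            issues.append("a: no matching approval")
        # (b) MFA was used, and the authentication nonce was never presented before
        if not s["mfa"]:
            issues.append("b: no MFA")
        if s["nonce"] in seen_nonces:
            issues.append("b: authentication nonce reused")
        seen_nonces.add(s["nonce"])
        # (c) terminated: closed by window end plus grace (open sessions use `now`)
        if appr is not None:
            if (ts(s["end"]) if s["end"] else now) > ts(appr["end"]) + grace:
                issues.append("c: session outlived maintenance window")
        elif s["end"] is None:
            issues.append("c: session still open")
        findings[s["id"]] = issues
    return findings

if __name__ == "__main__":
    for sid, issues in audit(SESSIONS, APPROVALS, ts("2025-03-01T16:00")).items():
        print(sid, issues or "ok")
```

The per-session findings can be exported as CSV to serve as the kind of evidence listed under "What evidence assessors expect".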
What evidence assessors expect
Assessors typically look for: screenshot, CSV export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.