{"id":1423,"date":"2024-07-24T17:16:50","date_gmt":"2024-07-24T17:16:50","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1423"},"modified":"2024-09-06T20:41:47","modified_gmt":"2024-09-06T20:41:47","slug":"ma-1-maintenance-policy-and-procedures","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/maintenance-ma\/ma-1-maintenance-policy-and-procedures\/","title":{"rendered":"MA-1: Maintenance \u2013 Policy and Procedures"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">MA-1: Maintenance \u2013 Policy and Procedures<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>07\/24\/2024&nbsp;<\/h2>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Purpose &#8211;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The Tarleton State University (Tarleton) Maintenance Policy and associated controls document the requirements to ensure that appropriate and timely maintenance is conducted to reduce the risks associated with unpatched resources.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Scope and Roles &#8211;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>This policy applies to information resources owned or managed by Tarleton. The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Compliance &#8211;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>System Maintenance controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a> and Texas A&amp;M University System <a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Implementation &#8211;<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Tarleton CISO, in coordination with information resource owners and custodians, shall develop, document, and disseminate a policy and set of controls that addresses the Maintenance Policy for information resources. These controls and policy should:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and&nbsp;<\/li>\n\n\n\n<li>Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Information resource owners and custodians are responsible for:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Any procedures to facilitate the implementation of the Maintenance Policy and associated controls in order to ensure that the proper system maintenance is performed on information resources operated for\/by Tarleton,&nbsp;<\/li>\n\n\n\n<li>Any maintenance performed is consistent with all applicable security controls, unless otherwise excepted and approved by the Tarleton CISO, and&nbsp;<\/li>\n\n\n\n<li>Ensuring that information resources are under manufacturer warranty\/support for security patches and timely security patching is performed, such as:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Security patches provided by the vendor should be installed within the next maintenance window or 30 days of release, whichever is lesser.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The CISO, or their designee, shall review and update the Maintenance Policy and associated controls as necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Note: <\/strong>Where applicable under <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/configuration-management-cm\/cm-3-configuration-change-control\/\" data-type=\"page\" data-id=\"1121\">Control CM-3, Configuration Change Control<\/a>, change control procedures will be followed and security patches will be systematically tested, validated, and documented before implementation, as applicable.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=24#:~:text=%C2%A0%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.24 (a)(2)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74#:~:text=%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.74 (a)(2)<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MA-1: Maintenance \u2013 Policy and Procedures NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;07\/24\/2024&nbsp; Purpose &#8211;&nbsp; The Tarleton State University (Tarleton) Maintenance Policy and associated controls document the &#8230;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1536,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1423","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 24, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 24, 2024 5:16 pm","modified":"Updated on September 6, 2024 8:41 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1423"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1423\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1536"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}