Support and Maintenance

The security restrictions imposed in a high-security environment require special treatment of support and maintenance personnel.

On-Site Support and Maintenance

For on-site support and maintenance, the security requirements for a high-security environment are met by physical access controls. Only trusted personnel who are authorized to access system support features are to be granted physical access to the system for maintenance purposes. Disk packs containing sensitive information must be powered down before maintenance personnel are permitted to work on them.

In order for these physical security measures to be effective, support and maintenance personnel must provide suitable identification before they are granted access to the system. Their access to the system must be limited to those areas where they are authorized to work. For example, access to the secure storage area where tapes are kept might not be appropriate for support personnel.

Remote Support

Systems running in a high-security environment should not have an active remote support link. The security standards imposed in a high-security environment require user identification and authentication, and auditability of user actions. Remote support does not offer these features, and should not be permitted in a high-security environment.

For sites that need a high level of security but also need to use the remote support link, follow the recommendations for secure use of remote support in "Secure Use of Remote Support."