Protect nonlocal maintenance sessions by:
(a) Employing ma-04.04_odp ; and
(b) Separating the maintenance sessions from other network sessions with the system by either:
(1) Physically separated communications paths; or
(2) Logically separated communications paths.
Communications paths can be logically separated using encryption.