CMMC MA.2.111 - Perform System Maintenance

CMMC MA.2.111 - Perform System Maintenance

Requirement text: MA.2.111: Perform maintenance on organizational systems.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
This requirement addresses the information security aspects of the system maintenance
program and applies to all types of maintenance to any system component (including
hardware, firmware, applications) conducted by any local or nonlocal entity. System
maintenance also includes those components not directly associated with information
processing and data or information retention such as scanners, copiers, and printers.

CMMC CLARIFICATION
Perform maintenance on your machines. This includes:
      • corrective maintenance (e.g., repairing problems with the technology);
      • preventative maintenance (e.g., updates to prevent potential problems);
      • adaptive maintenance (e.g., changes to the operative environment); and
      • perfective maintenance (e.g., improve operations).

Example
You are in charge of IT at your company. As part of your role, you must perform maintenance
on all the machines within your company. This includes regular planned maintenance,
unscheduled maintenance, reconfigurations when required, and damage repairs. In addition
to performing maintenance, you also keep track of all maintenance performed.

References
• NIST SP 800-171 Rev 1 3.7.1
• NIST CSF v1.1 PR.MA-1
• CERT RMM v1.2 TM:SG5.SP2
• NIST SP 800-53 Rev 4 MA-2

    • Related Articles

    • CMMC MA.2.112 - Control System Maintenance Tools

      Requirement text: MA.2.112: Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement addresses security-related issues with maintenance ...

    • CMMC MA.2.114 - Supervise Maintenance Activities

      Requirement text: MA.2.114: Supervise the maintenance activities of personnel without required access authorization. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement applies to individuals who are performing hardware or software ...

    • CMMC MA.3.116 - Check Maintenance Media for Malicious Code

      Requirement text: MA.3.116: Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 If, upon inspection of media containing ...

    • Maintenance: SP 800-171 Security Family 3.7

      To keep systems in good working order and to minimize risks from hardware and software failures, it is important that companies establish procedures for systems maintenance. There are many ways a company can address these maintenance requirements. ...

    • CMMC MA.2.113 - Require Multifactor Authentication for Maintenance Sessions

      Requirement text: MA.2.113: Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. DISCUSSION FROM SOURCE: DRAFT NIST SP ...