Maintenance: SP 800-171 Security Family 3.7
To keep systems in good working order and to minimize risks from hardware and software failures, it is important that companies establish procedures for systems maintenance. There are many ways a company can address these maintenance requirements. Controlled maintenance of a system deals with maintenance that is scheduled and performed in accordance with the manufacturer’s specifications. Maintenance performed outside of a scheduled cycle, known as corrective maintenance, occurs when a system fails or generates an error condition that must be corrected to return the system to operational conditions. Maintenance can be performed locally or non-locally. Nonlocal maintenance is any maintenance or diagnostics performed by individuals communicating through a network either internally or externally (e.g., the internet). Examples of maintenance requirements include: controlled maintenance, maintenance tools, nonlocal maintenance, maintenance personnel, and timely maintenance. Companies should perform periodic and timely maintenance on company systems and provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
Related Articles
Security Assessment: SP 800-171 Security Family 3.12
A security requirement assessment is the testing and/or evaluation of the management, operational, and technical security requirements on a system to determine the extent to which the requirements are implemented correctly, operating as intended, and ...
Personnel Security: SP 800-171 Security Family 3.9
Users play a vital role in protecting a system as many important issues in information security involve users, designers, implementers, and managers. How these individuals interact with the system and the level of access they need to do their jobs ...
Systems and Communications Protection: SP 800-171 Security Family 3.13
System and communications protection requirements provide an array of safeguards for the system. Some of the requirements in this family address the confidentiality information at rest and in transit. The protection of confidentiality can be provided ...
CMMC MA.2.111 - Perform System Maintenance
Requirement text: MA.2.111: Perform maintenance on organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement addresses the information security aspects of the system maintenance program and applies to all types of ...
CMMC MA.2.112 - Control System Maintenance Tools
Requirement text: MA.2.112: Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement addresses security-related issues with maintenance ...