CMMC Practice Requirement:

Supervise the maintenance activities of personnel without required access authorization.

CMMC Requirement Explanation:

Personnel who don't normally conduct maintenance on your systems may not be trustworthy. By supervising them and providing them with an account that automatically expires you can reduce risk.

Example CMMC Implementation:

When personnel are given temporary access to conduct maintenance supervise them. An example is a consultant who is given temporary access to one of your servers to complete a task. For personnel that will only need temporary access to your systems, set their account to expire when they are expected to complete their work.

Scenario(s):

- Scenario 1:

A consultant needs to work on one of your company's servers for the day. He will be working in the server room and will need an account to access the server. You assign an employee to supervise the consultant and provide him with a user account that is set to expire at the end of the day.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance