CMMC Practice Requirement:
Supervise the maintenance activities of personnel without required access authorization.
CMMC Requirement Explanation:
Personnel who don't normally conduct maintenance on your systems may not be trustworthy. By supervising them and providing them with an account that automatically expires, you can reduce risk.
Example CMMC Implementation:
When personnel are given temporary access to conduct maintenance, supervise them. An example is a consultant who is given temporary access to one of your servers to complete a task. For personnel who will only need temporary access to your systems, set their accounts to expire when they are expected to complete their work.
- Scenario 1:
A consultant needs to work on one of your company's servers for the day. He will be working in the server room and will need an account to access the server. You assign an employee to supervise the consultant and provide him with a user account that is set to expire at the end of the day.