NIST SP 800-171 & CMMC 2.0 - 3.7.1

Perform maintenance on organizational systems

NIST SP 800-171 & CMMC 2.0 - 3.7.2

Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.

NIST SP 800-171 & CMMC 2.0 - 3.7.5

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

NIST SP 800-171 & CMMC 2.0 - 3.7.6

Supervise the maintenance activities of personnel without required access authorization.

NIST SP 800-171 & CMMC 2.0 - 3.7.3

Ensure equipment removed for off-site maintenance is sanitized of any “Controlled Unclassified Information” (CUI).

NIST SP 800-171 & CMMC 2.0 - 3.7.4

Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.