Maintenance (MA): Ensuring Secure & Reliable IT Operations

All six controls are listed below.


3.7.1

Perform system maintenance in a controlled and documented manner to prevent unauthorized access, ensure integrity, and support auditability.

NIST 800-171 Control Identifier: 3.7.1
CMMC Control Identifier: MA.L2-3.7.1
Control CMMC Level: 2
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

MA-2: Perform, record, and review system maintenance in a controlled manner

MA-3: Approve, control, and monitor the use of maintenance tools

MA-3 (1): Inspect maintenance tools for tampering or unauthorized modifications before use

MA-3 (2): Scan portable media used for maintenance for malicious code before connection to the system

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Includes Intune for asset policy enforcement and Microsoft Defender for Endpoint to validate maintenance integrity.)

3.7.2

Restrict and monitor the use of maintenance tools, techniques, mechanisms, and personnel during system maintenance to prevent tampering or misuse.

NIST 800-171 Control Identifier: 3.7.2
CMMC Control Identifier: MA.L2-3.7.2
Control CMMC Level: 2
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

MA-2: Perform, record, and review system maintenance in a controlled manner

MA-3 (1): Inspect maintenance tools for tampering or unauthorized modifications before use

MA-3 (2): Scan portable media used for maintenance for malicious code before connection to the system

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Defender for Endpoint monitors tool use; Intune restricts access to sanctioned applications.)

3.7.3

Sanitize equipment to ensure removal of CUI before it is removed for off-site maintenance or disposal.

NIST 800-171 Control Identifier: 3.7.3
CMMC Control Identifier: MA.L2-3.7.3
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

MA-2: Perform, record, and review system maintenance in a controlled manner

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Applies to digital assets; policies may also invoke data wipe through Intune and Conditional Access.)

3.7.4

Scan and validate all portable media containing diagnostic or test software for malicious code before connecting it to organizational systems.

NIST 800-171 Control Identifier: 3.7.4
CMMC Control Identifier: MA.L2-3.7.4
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

MA-3 (2): Scan portable media used for maintenance for malicious code before connection to the system

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Includes Microsoft Defender for Endpoint with automatic USB device scanning and attack surface reduction rules.)

3.7.5

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate the connection when the session ends.

NIST 800-171 Control Identifier: 3.7.5
CMMC Control Identifier: MA.L2-3.7.5
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

MA-4: Authorize, monitor, and control nonlocal (remote) system maintenance

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Includes Conditional Access with MFA, Intune policy for session restrictions, and Defender for Identity for remote session analytics.)

3.7.6

Supervise maintenance activities conducted by personnel without proper access authorization to ensure security of the system during servicing.

NIST 800-171 Control Identifier: 3.7.6
CMMC Control Identifier: MA.L2-3.7.6
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

MA-5: Ensure only authorized personnel perform system maintenance

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(Leverages Microsoft Entra ID role-based access control, audit logs, and Microsoft Defender for Endpoint to monitor maintenance sessions and activities.)


See how Agile IT's MSP for CMMC can strengthen your data security and allow your team to focus on your business's objectives and success.
