CMMC 1.0 Practice MA.2.114 Requirement:
Supervise the maintenance activities of personnel without required access authorization.
CMMC 1.0 MA.2.114 Requirement Explanation:
Personnel who don't normally conduct maintenance on your systems may not be trustworthy. By supervising them and providing them with an account that automatically expires you can reduce risk.
Example CMMC 1.0 MA.2.114 Implementation:
When personnel are given temporary access to conduct maintenance supervise them. An example is a consultant who is given temporary access to one of your servers to complete a task. For personnel that will only need temporary access to your systems, set their account to expire when they are expected to complete their work.
CMMC 1.0 MA.2.114 Scenario(s):
- Scenario 1:
A consultant needs to work on one of your company's servers for the day. He will be working in the server room and will need an account to access the server. You assign an employee to supervise the consultant and provide him with a user account that is set to expire at the end of the day.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.