NIST SP 800-171 & CMMC 2.0 - 3.7.1
Perform maintenance on organizational systems
NIST SP 800-171 & CMMC 2.0 - 3.7.2
Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
NIST SP 800-171 & CMMC 2.0 - 3.7.5
Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
NIST SP 800-171 & CMMC 2.0 - 3.7.6
Supervise the maintenance activities of personnel without required access authorization.
NIST SP 800-171 & CMMC 2.0 - 3.7.3
Ensure equipment removed for off-site maintenance is sanitized of any “Controlled Unclassified Information” (CUI).
NIST SP 800-171 & CMMC 2.0 - 3.7.4
Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.