The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The seventh of the 14 Families of Requirements for NIST 800-171 compliance is maintenance.
What is Maintenance in Terms of NIST 800-171?
The Maintenance family of requirements calls for establishing proper network and system maintenance processes, as well as a system to track and document these processes. All maintenance must have a proper business case and be approved. If maintenance on equipment is performed off-premises, data must first be secured and/or sanitized from the equipment. Address asset maintenance with policies and procedures. Maintenance has six requirements: 2 Basic and 4 Derived.
Basic Requirements
- 3.7.1 Perform maintenance on organizational systems.
- 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
Derived Requirements
- 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.
- 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
- 3.7.5 Require multi-factor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
- 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization.
To learn more about NIST SP 800-171 Compliance, please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide: SP 800-171A, Assessing Security Requirements for CUI | CSRC. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs.