The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Regulation Supplement (DFARS) standards. The seventh of the 14 Families of Requirements for NIST 800-171 compliance is Maintenance.
What is Maintenance in Terms of NIST 800-171?
The Maintenance family calls for the establishment of proper network and system maintenance processes, as well as a system to track and document these processes. All maintenance must have a proper business case and be approved. If maintenance on equipment is performed off-premises, data must first be secured and/or sanitized from the equipment. Asset maintenance should be addressed with policies and procedures. Maintenance has six requirements: 2 Basic and 4 Derived.
- 3.7.1 Perform maintenance on organizational systems.
- 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
- 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.
- 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
- 3.7.5 Require multi-factor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
- 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization.
To learn more about NIST SP 800-171 compliance, please see NIST.SP.800-171r2.pdf and be sure to review the assessment guide: SP 800-171A, Assessing Security Requirements for CUI | CSRC. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs.