Reference: CMMC v2.13
Family: MA
Level Introduced: 2
Title: Perform Maintenance
Practice:
Perform maintenance on organizational systems.
Further Discussion:
One common form of computer security maintenance is regular patching of discovered vulnerabilities in software and operating systems, though there are others that require attention.
System maintenance includes:
• corrective maintenance (e.g., repairing problems with the technology);
• preventative maintenance (e.g., updates to prevent potential problems);
• adaptive maintenance (e.g., changes to the operative environment); and
• perfective maintenance (e.g., improve operations).
Example
You are responsible for maintenance activities on your company’s machines. This includes regular planned maintenance, unscheduled maintenance, reconfigurations when required, and damage repairs [a]. You know that failing to conduct maintenance activities can impact system security and availability, so you ensure that maintenance is regularly performed. You track all maintenance performed to assist with troubleshooting later if needed.
Potential Assessment Considerations
• Are systems, devices, and supporting systems maintained per manufacturer recommendations or company defined schedules [a]?
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
800-171 Requirements v2 (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.