MA.2.111

Name: Paragone
Price range: $

Content

Control Acronym

Family

Maintenance

CMMC Level

800-171 Control #

3.7.1

CMMC Description

Perform maintenance on organizational systems.

CMMC Clarification

Perform maintenance on your machines. This includes: * corrective maintenance (e.g., repairing problems with the technology) * preventative maintenance (e.g., updates to prevent potential problems) * adaptive maintenance (e.g., changes to the operative environment) * perfective maintenance (e.g., improve operations). Example You are in charge of IT at your company. As part of your role, you must perform maintenance on all the machines within your company. This includes regular planned maintenance, unscheduled maintenance, reconfigurations when required, and damage repairs. In addition to performing maintenance, you also keep track of all maintenance performed.

800-171 Description

Perform maintenance on organizational systems.

800-171 Discussion

This requirement addresses the information security aspects of the system maintenance program and applies to all types of maintenance to any system component (including hardware, firmware, applications) conducted by any local or nonlocal entity. System maintenance also includes those components not directly associated with information processing and data or information retention such as scanners, copiers, and printers.

Other Source Discussion

N/A

CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 MA-2

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.7.1

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.MA-1

CERT RMM Reference

CERT RMM v1.2 TM:SG5.SP2

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Sub-Criterias

Assessment Sub-Criteria 1

MA.2.111.[a] system maintenance is performed.

MA.2.111

Content

Control Acronym

Family

CMMC Level

800-171 Control #

CMMC Description

CMMC Clarification

800-171 Description

800-171 Discussion

Other Source Discussion

CIS Control References

NIST 800-53 Control Ref.

CMMC Derived

NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Sub-Criterias

Assessment Sub-Criteria 1

Assessment Sub-Criteria 2

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15