Reference: CMMC 2.0
Family: MA
Level Introduced: 2
Title: Maintenance Personnel
Practice:
Supervise the maintenance activities of personnel without required access authorization.
CMMC Clarification:
You must supervise everyone who performs maintenance activities. Sometimes a person without proper permissions has to perform maintenance on your machines. Give that individual a logon that is active only once or for a very limited time, to limit system access.
Example:
You are in charge of IT operations for your company. One of your software providers has to come on-site to update the software on your company's machines. You give the individual a temporary logon and password that expires in 12 hours. This gives him access long enough to perform the update. When he is on site, you remain with him. You supervise his activities. This ensures that he performs only the maintenance activities you directed.