CMMC Domain MA
100% of computer systems will fail, eventually. These practices define a strategy to limit opportunities which may expose critical data and services to intentional, or unintentional, misconfiguration, malicious code, and outages.
- Perform maintenance on organizational systems.
- Require multifactor authentication to establish non-local maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
- Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
- Supervise the maintenance activities of personnel without required access authorization.
- Ensure equipment removed for off-site maintenance is sanitized of any CUI.
- Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.