CMMC Practice MA.2.111

Perform maintenance on organizational systems.

Source

CMMC Version 1.02, pg. 166

Bold Coast Security Guidance

Level 1 compliance is about doing the basics with system maintenance. Level 2 means you have a policy requiring regular maintenance to IT systems in your environment. This includes physical and logical maintenance to keep systems running smoothly and at the level of performance expected. Following manufacturers guidance is the best way to create practices, and then require those practices in your policy statements. At Level 3 you have a security plan noting how you track your activities, and who is responsible for that.

Discussion From Source

DRAFT NIST SP 800-171 R2 This requirement addresses the information security aspects of the system maintenance program and applies to all types of maintenance to any system component (including hardware, firmware, applications) conducted by any local or non-local entity. System maintenance also includes those components not directly associated with information processing and data or information retention such as scanners, copiers, and printers.

References