NIST SP 800-171 & CMMC 2.0 3.7.1 Requirement:
Perform maintenance on organizational systems
NIST SP 800-171 & CMMC 2.0 3.7.1 Requirement Explanation:
Maintenance generally refers to physical maintenance on your IT systems however it may also include firmware updates that affect the physical operation of a system. Examples include repairing workstations and updating hardware on servers to prevent downtime. Corrective maintenance includes repairing or replacing broken parts on a system. For example, replacing a cracked LCD screen on an employee's workstation. Preventative maintenance involves making changes to a system to prevent future failures. An example is to replace the hard drive on a 4-year-old server before it wears out. Adaptive maintenance involves making changes to a systems operating environment. An example is changing the air temperature in your server. Perfective maintenance is to improve the operation of your systems. An example is upgrading the RAM on a server to improve performance.
Example NIST SP 800-171 & CMMC 2.0 3.7.1 Implementation:
Perform corrective, preventative, adaptive, and perfective maintenance on your systems. Perform maintenance in accordance with manufacturer recommendations. Document and approve all maintenance conducted on your systems.
NIST SP 800-171 & CMMC 2.0 3.7.1 Scenario(s):
- Scenario 1:
A user reports that their laptop's is always hot and the fan is always running. You decide to perform preventative maintenance on the system by contacting the manufacturer to have the fan and heat sink replaced. You document this in a ticket.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.