CMMC 2.0 • LEVEL 2 • MAINTENANCE

MA.L2-3.7.4Maintenance Tools

Approve, control, and monitor the use of system maintenance tools. Check media with diagnostic and test programs for malicious code before it is used in the system. Prevent the removal of system maintenance equipment containing CUI by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility.

NIST 800-171 Mapping

NIST 800-53 Controls

MA-4(2)

Assessment Objectives

  • the use of system maintenance tools is approved.
  • the use of system maintenance tools is controlled.
  • the use of system maintenance tools is monitored.
  • media with diagnostic and test programs are checked for malicious code before the media are used in the system.
  • the removal of system maintenance equipment containing CUI is prevented by verifying that there is no CUI on the equipment, sanitizing or destroying the equipment, or retaining the equipment within the facility.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

MA.L2-3.7.1 Perform Maintenance on Organizational Systems MA.L2-3.7.2 Provide Controls on the Tools, Techniques, Mechanisms, and Personnel Used to Conduct System Maintenance MA.L2-3.7.3 Ensure Equipment Removed for Off-Site Maintenance Is Sanitized of Any CUI MA.L2-3.7.5 Nonlocal Maintenance