NIST 800-53 REV 5 • MAINTENANCE

MA-5(2)Security Clearances for Classified Systems

Verify that personnel performing maintenance and diagnostic activities on a system processing, storing, or transmitting classified information possess security clearances and formal access approvals for at least the highest classification level and for compartments of information on the system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Personnel who conduct maintenance on organizational systems may be exposed to classified information during the course of their maintenance activities. To mitigate the inherent risk of such exposure, organizations use maintenance personnel that are cleared (i.e., possess security clearances) to the classification level of the information stored on the system.

Practitioner Notes

Personnel performing maintenance on classified systems must possess the appropriate security clearances and formal access approvals for the classification level of the information being processed.

Example 1: Before granting a technician access to a classified system, verify their clearance level through DISS (Defense Information System for Security) or your FSO. Confirm they have been formally read into the relevant program. Document the verification in the maintenance record.

Example 2: Maintain a matrix that maps each classified system to its required clearance level and approved maintenance personnel. When a maintenance request comes in, check the technician against this matrix before granting access. Your FSO should sign off on every maintenance event involving classified systems.

More Maintenance Controls

MA-1 Policy and Procedures MA-2 Controlled Maintenance MA-2(1) Record Content MA-2(2) Automated Maintenance Activities