NIST 800-53 REV 5 • MAINTENANCE

MA-7 Field Maintenance

Restrict or prohibit field maintenance on [Assignment: organization-defined systems or system components] to [Assignment: organization-defined trusted maintenance facilities].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Field maintenance is the type of maintenance conducted on a system or system component after the system or component has been deployed to a specific site (i.e., operational environment). In certain instances, field maintenance (i.e., local maintenance at the site) may not be executed with the same degree of rigor or with the same quality control checks as depot maintenance. For critical systems designated as such by the organization, it may be necessary to restrict or prohibit field maintenance at the local site and require that such maintenance be conducted in trusted facilities with additional controls.

Practitioner Notes

Field maintenance — repairing or servicing equipment at the location where it is deployed rather than in a controlled repair facility — may need to be restricted or prohibited for certain systems due to security risks.

Example 1: For systems processing CUI or classified data, require that all hardware repairs be performed in your secured facility, not at a vendor's workshop. If a drive fails, replace it on-site and destroy the failed drive according to your media sanitization policy rather than sending it out for warranty replacement.

Example 2: Document in your maintenance policy which systems require in-house-only maintenance and which can be serviced in the field. For field-serviceable equipment, ensure all storage media is removed and secured before the equipment leaves your facility. Track the chain of custody in your maintenance log.