CMMC v2.0 - Maintenance

Controls mapping and traceability diagram. Created by Tara Lemieux and Michael Redman, Schellman Compliance.

1. MA.L2-3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization.

1.1. Determine if:

1.2. (a) maintenance personnel without required access authorization are supervised during maintenance activities

2. MA.L2-3.7.1 Perform maintenance on organizational systems.

2.1. Determine if:

2.2. (a) system maintenance is performed

3. MA.L2-3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.

3.1. Determine if:

3.2. (a) tools used to conduct system maintenance are controlled

3.3. (b) techniques used to conduct system maintenance are controlled

3.4. (c) mechanisms used to conduct system maintenance are controlled

3.5. (d) personnel used to conduct system maintenance are controlled

4. MA.L2-3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.

4.1. Determine if:

4.2. (a) equipment to be removed from organizational spaces for off-site maintenance is sanitized of any CUI

5. MA.L2-3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.

5.1. Determine if:

5.1.1. Extends SI.L1-3.14.2, which requires the implementation and updating of mechanisms to protect systems from malicious code; MA.L2-3.7.4 extends this requirement to diagnostic and testing tools.

5.1.2. Extends SI.L1-3.14.4, which requires the implementation and updating of mechanisms to protect systems from malicious code; MA.L2-3.7.4 extends this requirement to diagnostic and testing tools.

5.2. (a) media containing diagnostic and test programs are checked for malicious code before being used in organizational systems that process, store, or transmit CUI

6. MA.L2-3.7.5 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

6.1. Determine if:

6.1.1. AC.L2-3.1.12 requires the control of remote access sessions.

6.1.2. AC.L2-3.1.13 requires the use of cryptographic mechanisms when enabling remote sessions.

6.1.3. AC.L2-3.1.14 limits remote access to specific access control points.

6.1.4. IA.L2-3.5.3 requires multifactor authentication for network access to nonprivileged accounts.

6.2. (a) multifactor authentication is used to establish nonlocal maintenance sessions via external network connections

6.3. (b) nonlocal maintenance sessions established via external network connections are terminated when nonlocal maintenance is complete