Maintenance
CMMC Assessment with IntelComp
IntelComp is an independent compliance management platform designed to support businesses in navigating and preparing for cybersecurity frameworks, including CMMC 2.0. While not affiliated with or endorsed by the U.S. Department of Defense (DoD), CMMC-AB, or NIST, IntelComp offers tools and guidance aligned with standards such as NIST SP 800-171A to help organizations strengthen security posture and readiness. All references to government standards are for informational purposes only. IntelComp does not provide certification but empowers you with the resources to pursue compliance confidently and effectively.
CMMC Maintenance (MA) Overview
The Maintenance (MA) domain in CMMC focuses on ensuring that system maintenance activities—both on-site and remote—are performed securely and do not compromise the confidentiality, integrity, or availability of Controlled Unclassified Information (CUI).
Key objectives include:
-
• Performing authorized and documented maintenance only
• Controlling and monitoring remote maintenance sessions
• Verifying personnel involved in maintenance are authorized and trustworthy
• Logging maintenance activities for accountability
• Ensuring that tools and media used during maintenance are secure
By enforcing strict maintenance procedures, organizations can minimize risks associated with system servicing and ensure alignment with CMMC 2.0 cybersecurity requirements.
CMMC Maintenance (MA) Overview
The Maintenance (MA) domain in CMMC focuses on ensuring that system maintenance activities—both on-site and remote—are performed securely and do not compromise the confidentiality, integrity, or availability of Controlled Unclassified Information (CUI).
Key objectives include:
-
• Performing authorized and documented maintenance only
• Controlling and monitoring remote maintenance sessions
• Verifying personnel involved in maintenance are authorized and trustworthy
• Logging maintenance activities for accountability
• Ensuring that tools and media used during maintenance are secure
By enforcing strict maintenance procedures, organizations can minimize risks associated with system servicing and ensure alignment with CMMC 2.0 cybersecurity requirements.
P - Programs, Policies, Procedures (SOPs) | A - Artifacts/Records | T - Training Materials/Comprehension Quiz
| Control ID | PAT | Security Requirement |
|---|---|---|
| 03.07.01 | P | Determining if System Maintenance is Performed Policy |
| 03.07.01 | T | Determining if System Maintenance is Performed Policy Training Material and Comprehension Quiz |
| 03.07.03 | P | Determining if Equipment Removed for Off-Site Maintenance Is Sanitized of Any CUI Policy |
| 03.07.03 | T | Determining if Equipment Removed for Off-Site Maintenance Is Sanitized of Any CUI Policy Training Material and Comprehension Quiz |
| 03.07.04 | P | Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems |
| 03.07.05 | P | Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. |
| 03.07.05.a | P | Using Multi Factor Authentication to Establish Nonlocal Maintenance Sessions via External Network Connections Policy |
| 03.07.05.a | T | Using Multi Factor Authentication to Establish Nonlocal Maintenance Sessions via External Network Connections Policy Training Material and Comprehension Quiz |
| 03.07.05.b | P | Termination of Nonlocal Maintenance Sessions Established via External Network Connections Policy |
| 03.07.05.b | T | Termination of Nonlocal Maintenance Sessions Established via External Network Connections Policy Training Material and Comprehension Quiz |
| 03.07.06 | P | Supervise the maintenance activities of maintenance personnel without required access authorization. |