zydronium/manage.get.gov

mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-04 17:01:56 +02:00

Document things cloud.gov CRM fully supports (#122 )

* document things cloud.gov crm fully supports

* run make assemble

2022-10-13 10:36:44 -04:00

4.5 KiB

Raw Blame History

implementation-status

control-origination

c-implemented

c-inherited-cloud-gov

ma-2 - [catalog] Controlled Maintenance

Control Statement

[a] Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;
[b] Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;
[c] Require that personnel or roles explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;
[d] Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: information;
[e] Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and
[f] Include the following information in organizational maintenance records: information.

Control guidance

Controlling system maintenance addresses the information security aspects of the system maintenance program and applies to all types of maintenance to system components conducted by local or nonlocal entities. Maintenance includes peripherals such as scanners, copiers, and printers. Information necessary for creating effective maintenance records includes the date and time of maintenance, a description of the maintenance performed, names of the individuals or group performing the maintenance, name of the escort, and system components or equipment that are removed or replaced. Organizations consider supply chain-related risks associated with replacement components for systems.

Control assessment-objective

maintenance, repair, and replacement of system components are scheduled in accordance with manufacturer or vendor specifications and/or organizational requirements; maintenance, repair, and replacement of system components are documented in accordance with manufacturer or vendor specifications and/or organizational requirements; records of maintenance, repair, and replacement of system components are reviewed in accordance with manufacturer or vendor specifications and/or organizational requirements; all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location, are approved; all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location, are monitored; personnel or roles is/are required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement; equipment is sanitized to remove information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement; all potentially impacted controls are checked to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; information is included in organizational maintenance records.