Navigate

CCI-000862

CCI-000862 Definition

Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair or replacement actions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed identifies and documents the impacted security controls and takes steps to verify that the controls are still functioning properly following maintenance or repair actions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documented evidence of the verification of security controls following maintenance and repair actions to ensure that the organization being inspected/assessed checks all potentially impacted security controls to verify that they are still functioning properly.

Compelling Evidence

1.) Documentation that shows verification of security controls following maintenance and repair actions to ensure that they are still functioning properly.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000862.

Control	Description
MA-2	The organization: a: Schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements; b: Approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location; c: Requires that [one of ] explicitly approve the removal of the information system or system components from organizational facilities for off-site maintenance or repairs; d: Sanitizes equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance or repairs; e: Checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and f: Includes [one of ] in organizational maintenance records.

Control

Description

MA-2

The organization:

a: Schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements;

b: Approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location;

c: Requires that [one of ] explicitly approve the removal of the information system or system components from organizational facilities for off-site maintenance or repairs;

d: Sanitizes equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance or repairs;

e: Checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and

f: Includes [one of ] in organizational maintenance records.