Navigate

CCI-000862

CCI-000862 Definition

Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair or replacement actions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if all potentially impacted controls are checked to verify that the controls are still functioning properly following maintenance, repair, or replacement actions.

Validation Procedures

Examine: [SELECT FROM: Maintenance policy; procedures addressing controlled system maintenance; maintenance records; manufacturer/vendor maintenance specifications; equipment sanitization records; media sanitization records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system maintenance responsibilities; organizational personnel with information security responsibilities; organizational personnel responsible for media sanitization; system/network administrators]. Test: [SELECT FROM: Organizational processes for scheduling, performing, documenting, reviewing, approving, and monitoring maintenance and repairs for the system; organizational processes for sanitizing system components; mechanisms supporting and/or implementing controlled maintenance; mechanisms implementing the sanitization of system components].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000862.

Control	Description
MA-2	a: Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements; b: Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location; c: Require that [personnel or roles required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance or repairs is/are defined;] explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement; d: Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: [information to be removed from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement is defined;]; e: Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and f: Include the following information in organizational maintenance records: [information to be included in organizational maintenance records is defined;].

Control

Description

MA-2

a: Schedule, document, and review records of maintenance, repair, and replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;

b: Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;

c: Require that [personnel or roles required to explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance or repairs is/are defined;] explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;

d: Sanitize equipment to remove the following information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement: [information to be removed from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement is defined;];

e: Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions; and

f: Include the following information in organizational maintenance records: [information to be included in organizational maintenance records is defined;].