Basic Security Requirements:

7.1 Perform maintenance on organizational information systems.

7.2 Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance.

Derived Security Requirements:

7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.

7.4 Check media containing diagnostic and test programs for malicious code before the media are used in the information system.

7.5 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

7.6 Supervise the maintenance activities of maintenance personnel without required access authorization.