Guidance for NIST 800-171 Assessment & Compliance
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
ma-2(2) |
controlled maintenance | automated maintenance activities |
||
|
assessment objective: Determine if the organization: |
||
ma-2(2)(a) |
employs automated mechanisms to: |
||
ma-2(2)(a)[1] |
schedule maintenance and repairs; |
||
ma-2(2)(a)[2] |
conduct maintenance and repairs; |
||
ma-2(2)(a)[3] |
document maintenance and repairs; |
||
ma-2(2)(b) |
produces up-to-date, accurate, and complete records of all maintenance and repair actions: |
||
ma-2(2)(b)[1] |
requested; |
||
ma-2(2)(b)[2] |
scheduled; |
||
ma-2(2)(b)[3] |
in process; and |
||
ma-2(2)(b)[4] |
completed. |
||
potential assessment methods and objects: Examine: [select from: Information system maintenance policy; procedures addressing controlled information system maintenance; automated mechanisms supporting information system maintenance activities; information system configuration settings and associated documentation; maintenance records; other relevant documents or records]. Interview: [select from: Organizational personnel with information system maintenance responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [select from: Automated mechanisms supporting and/or implementing controlled maintenance; automated mechanisms supporting and/or implementing production of records of maintenance and repair actions]. |
|||
