NIST 800-171 v2
110 security requirements available
3.7.2Basic Requirement
Maintenance
Security Requirement
Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
Discussion
This requirement addresses security-related issues with maintenance tools that are not within the organizational system boundaries that process, store, or transmit CUI, but are used specifically for diagnostic and repair actions on those systems. Organizations have flexibility in determining the controls in place for maintenance tools, but can include approving, controlling, and monitoring the use of such tools. Maintenance tools are potential vehicles for transporting malicious code, either intentionally or unintentionally, into a facility and into organizational systems. Maintenance tools can include hardware, software, and firmware items, for example, hardware and software diagnostic test equipment and hardware and software packet sniffers.
- Framework
- NIST SP 800-171 Rev 2
- Family
- Maintenance
- Requirement Type
- basic
Related Frameworks
124 paths across 2 frameworks
Related Frameworks
NIST 800-534 mappings
MA-2
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
MA-3
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
MA-3(1)
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
MA-3(2)
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI30 mappings
CCI-000859
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000860
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000861
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000862
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000865
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000866
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000867
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000869
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000870
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002866
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002867
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002868
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002869
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002870
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002871
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002872
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002873
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002874
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002875
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002876
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004174
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004175
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004176
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004177
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004178
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004179
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004180
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004181
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004186
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004187
1.00
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
15 STIGs reach this control through 48 CCIs via 800-53 controls MA-2, MA-3. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Server
4 STIGs
Operating System — Server
4 STIGsGeneral Purpose Operating System Security Requirements Guide
32024-12-041 of 198 findings match
M1
General Purpose Operating System Security Requirements Guide
V3R32025-09-221 of 203 findings match
M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
22025-05-081 of 226 findings match
M1
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V2R52026-02-191 of 226 findings match
M1
Operating System — Mainframe
3 STIGs
Operating System — Mainframe
3 STIGsIBM Hardware Management Console (HMC) Security Technical Implementation Guide
V2R12024-06-241 of 35 findings match
M1
Mainframe Product Security Requirements Guide
32024-12-051 of 193 findings match
M1
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match
M1
Network Device
2 STIGs
Network Device
2 STIGsNetwork Device Management Security Requirements Guide
V5R32025-02-111 of 104 findings match
M1
Network Device Management Security Requirements Guide
V5R42025-09-101 of 105 findings match
M1
Virtualization / Container
2 STIGs
Virtualization / Container
2 STIGsVirtual Machine Manager Security Requirements Guide
22024-12-061 of 193 findings match
M1
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match
M1
Endpoint Security Management
2 STIGs
Endpoint Security Management
2 STIGsMicrosoft Defender Antivirus Security Technical Implementation Guide
22022-04-081 of 41 findings match
M1
Microsoft Defender Antivirus Security Technical Implementation Guide
V2R82026-02-171 of 67 findings match
M1
Productivity Application
2 STIGs
Productivity Application
2 STIGsMicrosoft Edge Security Technical Implementation Guide
22025-05-153 of 59 findings match
M2L1
Microsoft Edge Security Technical Implementation Guide
V2R52026-02-253 of 61 findings match
M2L1