
By Total Assure Team

NIST SP 800-171 Maintenance: Protecting Systems and Data During Maintenance Activities

Welcome to your trusted hub for insight and innovation. Explore our library of content designed to inform, empower, and inspire.

Key Takeaways (TL;DR)

  • Implementing rigorous maintenance protocols is essential for securing organizational systems and protecting sensitive data.

  • Controlled unclassified information (CUI) should never be present on equipment used offsite, and all media must be tested and approved before being used.

  • Multi-factor authentication (MFA) provides an additional layer of security against unauthorized access during maintenance activities.

Maintaining Security While Performing System Maintenance

Cybersecurity is a complex and ever-evolving field, especially for government contractors who are tasked with safeguarding critical infrastructure and data from cyber threats. As part of our ongoing blog series, we now focus on maintenance—one of the key security requirements in NIST SP 800-171. This section addresses the critical aspects of performing maintenance on organizational systems, including the tools, techniques, mechanisms, and personnel involved.


NIST SP 800-171 Maintenance Requirements

  • Performing Maintenance on Organizational Systems (3.7.1). Scheduled system maintenance is vital for ensuring the ongoing integrity and security of organizational systems. This includes reviewing system components such as hardware, firmware, applications, and peripheral devices like scanners, copiers, and printers. Regular, controlled maintenance helps keep systems secure and operational.

  • Controls on Tools, Techniques, Mechanisms, and Personnel (3.7.2). To prevent unauthorized access and potential security breaches, strict controls must be placed on the tools and personnel involved in system maintenance. This includes regulating external diagnostic and repair tools, whether hardware, software, or firmware, to ensure that no vulnerabilities are introduced during the maintenance process.

  • Sanitizing Equipment for Offsite Maintenance (3.7.3). When equipment is removed for offsite maintenance, it must be sanitized to ensure no CUI is present. This is critical to preventing the accidental exposure or loss of sensitive information during the maintenance process.

  • Inspecting Media for Malicious Code (3.7.4). Before using diagnostic and test media in organizational systems, it is essential to check them for malicious code. If malicious code is detected, organizations must follow their incident handling protocols to address the issue before incorporating any potentially compromised media into their systems.

  • Multi-Factor Authentication and Supervision (3.7.5 and 3.7.6). When performing maintenance through external networks, it is essential to use MFA to establish nonlocal maintenance sessions. This ensures that only authorized personnel can access sensitive systems remotely. Additionally, supervising maintenance personnel and managing access credentials, including limiting them to one-time or temporary use, adds an extra layer of security.


Improving Maintenance Security

Open remote access sessions pose a significant security risk. After completing maintenance, promptly close remote access sessions to reduce the attack surface and minimize potential vulnerabilities. It is also crucial that no CUI is ever involved in maintenance performed outside the organization's enterprise, and that all procedures for managing security threats are rigorously followed.


By implementing MFA for nonlocal maintenance sessions and supervising personnel during the process, organizations can better safeguard their systems. Additionally, inspecting media before use and promptly terminating remote sessions after maintenance will further reduce vulnerabilities.
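The checks described in this section (MFA on nonlocal sessions, supervision, one-time credentials, prompt session closure) can be run over a log of maintenance sessions. The Python below is an added example, not code from Total Assure or NIST; the record fields, finding labels, and sample data are constructed assumptions rather than any product's log schema.

```python
from datetime import datetime

# Constructed sample records for nonlocal maintenance sessions (hypothetical schema).
SAMPLE_SESSIONS = [
    {"id": "s1", "credential": "tmp-001", "mfa": True, "supervisor": "jdoe",
     "start": "2024-05-01T09:00", "end": "2024-05-01T10:30",
     "window_end": "2024-05-01T11:00"},
    {"id": "s2", "credential": "tmp-002", "mfa": False, "supervisor": "jdoe",
     "start": "2024-05-02T14:00", "end": "2024-05-02T17:45",
     "window_end": "2024-05-02T16:00"},
    {"id": "s3", "credential": "tmp-001", "mfa": True, "supervisor": None,
     "start": "2024-05-03T09:00", "end": None,
     "window_end": "2024-05-03T11:00"},
]
SAMPLE_NOW = datetime(2024, 5, 3, 15, 0)  # constructed "time of audit"


def parse_ts(value):
    """Parse an ISO 8601 timestamp; None means the session has not ended."""
    return datetime.fromisoformat(value) if value else None


def audit_sessions(sessions, now):
    """Return (session_id, finding) pairs, ordered by session start time."""
    findings = []
    first_use = {}  # credential -> id of the first session that used it
    for s in sorted(sessions, key=lambda r: parse_ts(r["start"])):
        sid = s["id"]
        if not s["mfa"]:                      # 3.7.5: MFA for nonlocal sessions
            findings.append((sid, "no-mfa"))
        if not s["supervisor"]:               # 3.7.6: supervised maintenance
            findings.append((sid, "unsupervised"))
        end, window_end = parse_ts(s["end"]), parse_ts(s["window_end"])
        if end is None:
            if now > window_end:              # session left open after maintenance
                findings.append((sid, "open-past-window"))
        elif end > window_end:
            findings.append((sid, "closed-late"))
        owner = first_use.setdefault(s["credential"], sid)
        if owner != sid:                      # credential was meant to be one-time
            findings.append((sid, f"credential-reused-from-{owner}"))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_sessions(SAMPLE_SESSIONS, SAMPLE_NOW):
        print(sid, finding)
```

Each finding identifies a session to review under the organization's own procedures; an empty result means every recorded session used MFA, was supervised, used a fresh credential, and closed inside its maintenance window.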


Ensuring Equipment Sanitization and Media Security

The importance of sanitizing equipment removed for offsite maintenance cannot be overstated. Ensuring that no CUI is present on any device before it leaves the organization is essential for protecting sensitive information. Furthermore, checking diagnostic and test media for malicious code before integrating it into systems is a crucial step in preventing security breaches. NIST SP 800-88 offers comprehensive guidance on media sanitization practices.


Best Practices for Maintenance Security

Implement these practices to protect your systems during maintenance:

  • Always sanitize offsite equipment to ensure no CUI is exposed.

  • Inspect media for malicious code to avoid system vulnerabilities.

  • Use multi-factor authentication for nonlocal maintenance access.

  • Regularly supervise maintenance personnel and ensure proper credential management.

  • Promptly close remote access sessions after maintenance to minimize exposure.


Stay Ahead of Compliance with Total Assure

At Total Assure, we leverage over 30 years of cybersecurity experience to help organizations meet NIST SP 800-171 compliance. Our services include:

  • Developing and refining maintenance protocols to protect systems and data.

  • Conducting media inspections and enforcing robust security practices.

  • Offering expert guidance on cybersecurity risk management to support compliance with DFARS, FISMA, FedRAMP, and NIST SP 800-171.


Ensure your DoD contracts stay secure and compliant. Contact us today for a free consultation on building an effective maintenance security strategy.

About Total Assure

Total Assure, an IBSS company, is a managed security services provider that protects small- to medium-sized businesses from cyber threats. Total Assure provides cost-efficient, comprehensive, and scalable cybersecurity solutions that leverage 30 years of experience and expertise from IBSS. Total Assure partners with its customers to identify security gaps, develop attainable cybersecurity objectives, and deliver comprehensive cybersecurity solutions that protect their businesses from modern cybersecurity threats.


For more information on how Total Assure can assist your organization in achieving NIST SP 800-171 compliance, contact our team directly.
