This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization:
(a) Employs automated mechanisms to schedule, conduct, and document maintenance and repairs; and
(b) Produces up-to date, accurate, and complete records of all maintenance and repair actions requested, scheduled, in process, and completed.
NIST 800-53 (r4) Supplemental Guidance:
Related controls: CA-7, MA-3.
References: None
NIST 800-53 (r5) Discussion:
The use of automated mechanisms to manage and control system maintenance programs and activities helps to ensure the generation of timely, accurate, complete, and consistent maintenance records.
38North Guidance:
Meets Minimum Requirement:
An automated tool is used to:
schedule maintenance and repairs
conduct maintenance and repairs
document maintenance repairs
The tool is able to produce accurate, point-in-time records of maintenance and repair actions that are currently requested, scheduled, in process, and completed.
Best Practice:
TBD
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshot from tool showing current status of maintenance and repair actions
Ticket or artifact showing the progression of maintenance and repair actions from request through completion, along with relevant information such as time stamps and individuals to which the action is assigned, and the action that was performed to maintain or repair the system.
CSP Implementation Tips:
Amazon Web Services (AWS): Fully Inherited
Microsoft Azure: Fully Inherited
Google Cloud Platform: Fully Inherited