MA-2 Controlled Maintenance
Statement
WTAMU shall implement procedures to properly control system maintenance. Controlling system maintenance addresses the information security aspects of the system maintenance program and applies to all types of maintenance to system components conducted by local or nonlocal entities. Maintenance includes peripherals such as scanners, copiers, and printers. Information necessary for creating effective maintenance records includes the date and time of maintenance, a description of the maintenance performed, names of the individuals or group performing the maintenance, name of the escort, and system components or equipment that are removed or replaced.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
WTAMU schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements and;
- Approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location;
- Requires that authorized personnel explicitly approve the removal of the information system or system components from University facilities for off-site maintenance or repairs;
- Sanitizes equipment to remove all information from associated media prior to removal from University facilities for off-site maintenance or repairs;
- Checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and
- Includes appropriate information in related maintenance records.