MA.L2-3.7.1 — Perform maintenance on organizational systems.
What this control requires
Perform maintenance on organizational systems.
Source: CMMC L2 v2.13 MA.L2-3.7.1 / NIST SP 800-171 R2 3.7.1 (official control text).
Why this matters
System maintenance ensures devices, applications, and infrastructure remain secure, stable, and functional. Without structured maintenance, vulnerabilities accumulate, patches go missing, hardware degrades, and undocumented changes create security gaps. This control protects data integrity and availability by requiring organizations to plan, schedule, document, and execute maintenance activities across all IT assets — from servers and workstations to printers and network switches. It mitigates risks from deferred updates, unauthorized modifications, and uncontrolled system access during repair activities.
What evidence assessors expect
Assessors typically look for: PDF, CSV export, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on MA.L2-3.7.1.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →