03.07.01 —
What this control requires
Source: NIST SP 800-171 R3 §03.07.01 (official control text).
Why this matters
Maintenance controls ensure that systems remain secure during servicing, repairs, and updates. Unauthorized or poorly controlled maintenance creates windows where attackers can introduce malicious code, exfiltrate data, or disable security features. This control protects against supply chain attacks through maintenance vendors, insider threats from technicians with excessive access, and accidental misconfigurations during routine servicing. By documenting who performs maintenance, what they access, and how tools are controlled, organizations maintain visibility over one of the most commonly exploited attack vectors in operational environments.
What evidence assessors expect
Assessors typically look for: PDF, screenshot, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.07.01.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →