bigforceone
NIST 800-171 r3 · System and Communications Protection

03.13.16

What this control requires

Source: NIST SP 800-171 R3 §03.13.16 (official control text).

Why this matters

This control ensures the organization protects Controlled Unclassified Information (CUI) from unauthorized disclosure during system maintenance and repair activities. Technicians, vendors, or repair personnel often require elevated access to systems that process or store sensitive data. Without proper sanitization or supervision, CUI could be exposed to individuals lacking appropriate clearance or need-to-know. This requirement mitigates the risk of data leakage through maintenance channels—whether onsite repairs, remote support sessions, or equipment sent offsite for service—by mandating that CUI is either removed, encrypted, or that maintenance occurs under controlled conditions with cleared personnel.

What evidence assessors expect

Assessors typically look for: PDF, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls

SC.L2-3.13.16

See your live posture on 03.13.16.

FORCE shows where you stand on this control and walks you through closing it.

Start a free trial tenant →
← All controls