The seventh family in the NIST 800-171 standard is the Maintenance family. This family addresses your maintenance turnaround time and the staff responsible for maintenance.


Why is Maintenance important?

Maintenance is a crucial part of protecting your systems from cybersecurity threats. Without regularly scheduled maintenance, your systems’ protections are neglected and quickly become outdated. This can expose weaknesses in the systems that allow a threat through. Depending on the state of neglect, that threat may even go undetected while causing irreparable damage and loss of data. Regular maintenance performed by authorized personnel following proper procedures can greatly improve your cybersecurity preparedness.


What is Maintenance about in NIST 800-171?

The Maintenance family contains six controls. The primary focus of this area is to ensure that you have a system maintenance plan that identifies the personnel and procedures for maintenance. Some of the main focus areas include:

  1. Schedule, perform and document maintenance and repairs—Develop a maintenance plan that covers the maintenance tools, techniques, mechanisms, and personnel allowed. Keep a regular maintenance schedule and make sure it is followed. Also, keep a record of both regularly scheduled maintenance and emergency repairs.
  2. Maintain a list of authorized maintenance personnel—Document who is allowed to serve in a maintenance capacity. These individuals should also have authorized access to your systems.
  3. Supervise maintenance activities performed by third parties—Make sure that the list of authorized maintenance personnel is available to your staff, and identify the employees responsible for escorting third-party service providers, who are supervised throughout the time of service.


Check back for our next blog post and learn more about the Media Protection family. You may also be interested in reading our last post on Incident Response.



Katherine Bennett

Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.