CMMC 1.0 Practice MA.3.116 Requirement:

Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.

CMMC 1.0 MA.3.116 Requirement Explanation:

Media containing diagnostic and test programs refers to software provided by vendors or third parties for diagnostic purposes. These can either be provided on media such as thumb drives or sent electronically. Even if a diagnostic tool is not on removable media you still need to scan it before using it on your systems.

Example CMMC 1.0 MA.3.116 Implementation:

If a third party provides you with a thumb drive or software file to use for diagnostic or test purposes scan them before using them on your systems. Use your anti-virus software to scan the tool. If it is clean you may use it on your systems. Examples of diagnostic tools include the Intel Processor Diagnostic tool and the Dell Embedded Hardware Diagnostics tool.

CMMC 1.0 MA.3.116 Scenario(s):

- Scenario 1:

One of your servers is experiencing issues. You contact the vendor for support. The vendor sends you a diagnostic tool to run on the server. In accordance with your security policy you scan the tool using to determine if the file is malicious. The scan came back clean so you run it on the server.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.