NIST SP 800-171 & CMMC 2.0 Control 3.7.6 Requirement:

Supervise the maintenance activities of personnel without required access authorization.

NIST SP 800-171 & CMMC 2.0 3.7.6 Requirement Explanation:

Personnel who don't normally conduct maintenance on your systems may not be trustworthy. By supervising them and providing them with an account that automatically expires you can reduce risk.

Example NIST SP 800-171 & CMMC 2.0 3.7.6 Implementation:

When personnel are given temporary access to conduct maintenance work on your systems you need to supervise them. An example is a consultant who is given temporary access to one of your servers to complete a task. For personnel that will only need temporary access to your systems, set their account to expire when they are expected to complete their work.

NIST SP 800-171 & CMMC 2.0 3.7.6 Scenario(s):

- Scenario 1:

A consultant needs to work on one of your company's servers for the day. He will be working in the server room and will need an account to access the server. You assign an employee to supervise the consultant and provide him with a user account that is set to expire at the end of the day.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.