This is the seventh of a fourteen piece blog series intended to describe how Ascolta Greenfield environments achieve National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems,compliance. This entry covers the controls contained in the Maintenance Policy and Procedures family.
What is it?
To keep systems in good working order and to minimize risks from hardware and software failures, it is important that companies establish procedures for systems maintenance. There are many ways a company can address these maintenance requirements. Controlled maintenance of a system deals with maintenance that is scheduled and performed in accordance with the manufacturer’s specifications. Maintenance performed outside of a scheduled cycle, known as corrective maintenance, occurs when a system fails or generates an error condition that must be corrected to return the system to operational conditions.📷Maintenance can be performed locally or non-locally. Non-local maintenance is any maintenance or diagnostics performed by individuals communicating through a network either internally or externally (e.g., the internet). Companies should perform periodic and timely maintenance on company systems and provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
How does Greenfield solve it?
The Greenfield System resides entirely within the AWS U.S. GovCloud West infrastructure. All of the hardware is maintained at that facility by AWS. Greenfield provides Maintenance by relying exclusively on AWS to schedule, perform, document, and review records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements. AWS controls all maintenance activities, and does not permit the removal of AWS equipment for off-site maintenance or repairs; all repairs are conducted at the AWS facility. In the event that the maintenance of equipment requires offsite repair, new equipment is procured, and the damaged equipment is sanitized in accordance with AWS Media Disposal Procedures. It's the Greenfield client’s responsibility to maintain the workstations that are used to access the Greenfield System in good working order. But since the environment is accessed through a VM, as long as you have a functioning, modern, computer with access to the internet you'll have access. We'll address a well patched and secure computer in a future blog.📷