Notice

01/10/2025: Due to sustained inclement winter weather conditions, all Tarleton State University campuses will remain closed with alternative work locations for employees Friday, Jan. 10. More Information

MA-2: Controlled Maintenance

NIST Baseline: Low

DIR Required By: 07/20/2023

Review Date: 07/24/2024

It is the responsibility of the information resource owner, or designee to:
- Schedule, perform, document, and review records of maintenance, repairs, or software patching on information resources in accordance with manufacturer or vendor specifications and/or university or unit requirements;
- Approve and monitor all maintenance activities, whether performed on-site or remotely and whether the equipment is serviced on-site or removed to another location;
- Explicitly approve the removal of the information resources or components from university facilities for off-site maintenance or repairs;
- Sanitize equipment to remove all critical, confidential, or university-internal data from associated media prior to removal from university facilities for off-site maintenance, repairs, or surplus;
- Check all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and
- Ensure applicable maintenance and patching records are documented in change control.

References/Additional Resources

None. See any applicable internal procedures.