A small healthcare facility recently experienced a series of cybersecurity incidents related to unauthorized data access during system upgrade activities. The organization's IT team has been using unapproved software tools, leading to potential data breaches. As a certified CMMC assessor, you have been asked to provide a recommendation to help them meet CMMC practices, specifically regarding system maintenance control. What action should the facility take to comply with CMMC practice MA.L2-3.7.2?
Practise this Certified CMMC Assessor (CCA) Exam question free, then download the PDF, watch the video walkthrough, or unlock timed mock exams for the full web bank.
AImplement basic antivirus measures but allow IT staff discretion on software and tools used for maintenance.
BDevelop and strictly enforce policies and procedures for reviewing, approving, and monitoring all maintenance activities and the tools used.
COutsource the IT department completely to an external managed service provider to handle all upgrades and maintenance activities.
DGrant unrestricted access to the hospital's IT system for maintenance to all IT staff to ensure quick resolution of incidents.
✓ Correct answer: B. Develop and strictly enforce policies and procedures for reviewing, approving, and monitoring all maintenance activities and the tools used.The correct action involves establishing and enforcing comprehensive policies and procedures to control and monitor maintenance processes. This helps ensure that all tools and techniques used are approved and do not expose the organization to unnecessary risk, thereby aligning with CMMC practice MA.L2-3.7.2 requirements.
Keep practising. Use the free Certified CMMC Assessor (CCA) Exam PDF, watch the YouTube walkthrough, or unlock all 10 web questions with timed mock exams.
Free practice here. Timed mocks when you are ready.
Study the Certified CMMC Assessor Prep free question explanations, download the PDF, then unlock timed mock exams on the web when you want exam-day practice.