CMMC 2.0 System Maintenance Report – Student Practice Tool

🎓 Student Instructions

Click ✏️ Edit Mode to enable all narrative text blocks — click again to lock. All inline fields and tables are always directly editable.
Complete Section 1 (Report Info) with your case study organization's details. All fields are clickable.
In Section 2 (MA Controls), update each control's status and write your organization's implementation description and evidence.
Use "+ Add Row" buttons to populate tables in Sections 3–8. Use "+ Add Item" to expand lists.
Use 💾 Save (Ctrl+S) to preserve your work, 📤 Export JSON to download, and 🖨️ Print for your final submission.

1. Report Information & Compliance Overview

Organization Name:

Report Period:

Prepared By:

Review Date:

Next Review:

Classification:

CMMC Level:

MA Controls
Implemented

Compliance
Score

Activities
Completed

2. Executive Summary

Key Findings:

3. CMMC 2.0 Maintenance Controls Compliance (MA.L2-3.7.1 – 3.7.6)

MA.L2-3.7.1

Perform Maintenance

Requirement: Perform maintenance on organizational systems.

Implementation:

Evidence:

MA.L2-3.7.2

System Maintenance Control

Requirement: Provide controls on tools, techniques, mechanisms, and personnel used to conduct system maintenance.

Implementation:

Evidence:

MA.L2-3.7.3

Equipment Sanitization

Requirement: Ensure equipment removed for off-site maintenance is sanitized of any CUI.

Implementation:

Evidence:

MA.L2-3.7.4

Media Inspection (Check Diagnostic Media)

Requirement: Check media containing diagnostic and test programs for malicious code before use.

Implementation:

Evidence:

MA.L2-3.7.5

Nonlocal Maintenance (Remote Maintenance)

Requirement: Require MFA for remote maintenance sessions via external network connections; terminate sessions when complete.

Implementation:

Evidence:

MA.L2-3.7.6

Maintenance Personnel Supervision

Requirement: Supervise maintenance activities of personnel without required access authorization.

Implementation:

Evidence:

4. Maintenance Activities Summary

Activity Type	Scheduled	Completed	Pending	Compliance Rate	Action
No activities added — click "+ Add Activity" above.

Preventive Maintenance Schedule

Emergency Maintenance Procedures

5. Asset Lifecycle Management

Asset Category	Total Count	Active	In Maintenance	End of Life	Replacement Planned	Action
No assets added — click "+ Add Asset Category" above.

Action Required:

6. Third-Party Maintenance Oversight

Vendor Name	Service Type	Access Level	Last Activity	Compliance Status	Action
No vendors added — click "+ Add Vendor" above.

Third-Party Vendor Requirements

List the security requirements all third-party maintenance vendors must satisfy:

7. CUI Protection During Maintenance

Remote Access CUI Controls (MA.L2-3.7.5)

8. Approved Maintenance Tools Registry

Tool Name	Version	Purpose	Last Malware Scan	Approval Status	Action
No tools added — click "+ Add Tool" above.

Tool Security Measures

9. Risk Assessment and Mitigation

Risk Description	Likelihood	Impact	Risk Level	Mitigation Status	Action
No risks added — click "+ Add Risk" above.

System Maintenance Report

CMMC 2.0 Level 2 Compliance — Student Practice Exercise

1. Report Information & Compliance Overview

2. Executive Summary

3. CMMC 2.0 Maintenance Controls Compliance (MA.L2-3.7.1 – 3.7.6)

Perform Maintenance

System Maintenance Control

Equipment Sanitization

Media Inspection (Check Diagnostic Media)

Nonlocal Maintenance (Remote Maintenance)

Maintenance Personnel Supervision

4. Maintenance Activities Summary

Preventive Maintenance Schedule

Emergency Maintenance Procedures

5. Asset Lifecycle Management

6. Third-Party Maintenance Oversight

Third-Party Vendor Requirements

7. CUI Protection During Maintenance

Remote Access CUI Controls (MA.L2-3.7.5)

8. Approved Maintenance Tools Registry

Tool Security Measures

9. Risk Assessment and Mitigation

Mitigation Strategies

10. Recommendations & Continuous Improvement

Compliance Attestation

System Maintenance Report

CMMC 2.0 Level 2 Compliance — Student Practice Exercise

1. Report Information & Compliance Overview

2. Executive Summary

3. CMMC 2.0 Maintenance Controls Compliance (MA.L2-3.7.1 – 3.7.6)

Perform Maintenance

System Maintenance Control

Equipment Sanitization

Media Inspection (Check Diagnostic Media)

Nonlocal Maintenance (Remote Maintenance)

Maintenance Personnel Supervision

4. Maintenance Activities Summary

Preventive Maintenance Schedule

Emergency Maintenance Procedures

5. Asset Lifecycle Management

6. Third-Party Maintenance Oversight

Third-Party Vendor Requirements

7. CUI Protection During Maintenance

Remote Access CUI Controls (MA.L2-3.7.5)

8. Approved Maintenance Tools Registry

Tool Security Measures

9. Risk Assessment and Mitigation

Mitigation Strategies

10. Recommendations & Continuous Improvement

Compliance Attestation

⚠️ Reset All Data?