NIST 800-53 REV 5 • MAINTENANCE

MA-5(4)Foreign Nationals

Ensure that: Foreign nationals with appropriate security clearances are used to conduct maintenance and diagnostic activities on classified systems only when the systems are jointly owned and operated by the United States and foreign allied governments, or owned and operated solely by foreign allied governments; and Approvals, consents, and detailed operational conditions regarding the use of foreign nationals to conduct maintenance and diagnostic activities on classified systems are fully documented within Memoranda of Agreements.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Personnel who conduct maintenance and diagnostic activities on organizational systems may be exposed to classified information. If non-U.S. citizens are permitted to perform maintenance and diagnostics activities on classified systems, then additional vetting is required to ensure agreements and restrictions are not being violated.

Practitioner Notes

Foreign nationals may only perform maintenance on classified systems under specific conditions — generally only on jointly owned and operated systems, and only with appropriate clearances from their government.

Example 1: If your organization operates a coalition or partner system, document which systems foreign nationals may access and the specific agreements (such as a CJCS or bilateral security agreement) that authorize their access. Maintain this documentation with your FSO.

Example 2: For any foreign national performing maintenance, obtain approval from your cognizant security agency. Document the foreign national's clearance, citizenship, the authorizing agreement, and supervisory arrangements. Assign a U.S. citizen escort for the duration of the maintenance.

More Maintenance Controls

MA-1 Policy and Procedures MA-2 Controlled Maintenance MA-2(1) Record Content MA-2(2) Automated Maintenance Activities