CCI-001732

The organization controls the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

Implementation Guidance

The organization being inspected/assessed reviews and authorizes in order to control the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. The organization must maintain an audit trail of peer-to-peer file sharing technology reviews and authorizations.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the audit trail of peer-to-peer file sharing technology reviews and authorizations to ensure the organization being inspected/assessed controls the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

Compelling Evidence

1.) Copy of P2P ports being blocked by firewall 2.) Copy of system security plan (SSP) policy referencing peer-to-peer file sharing technology section

The controls below (if any) were marked by NIST as being related to CCI-001732.