CCI-002326

Establish connection requirements for organization-controlled mobile devices, to include when such devices are outside of controlled areas.

Implementation Guidance

Determine if: - configuration requirements are established for organization-controlled mobile devices, including when such devices are outside of the controlled area. - connection requirements are established for organization-controlled mobile devices, including when such devices are outside of the controlled area. - implementation guidance is established for organization-controlled mobile devices, including when such devices are outside of the controlled area.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing access control for mobile device usage (including restrictions); configuration management plan; system design documentation; system configuration settings and associated documentation; authorizations for mobile device connections to organizational systems; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel using mobile devices to access organizational systems; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Access control capability for mobile device connections to organizational systems; configurations of mobile devices].

The controls below (if any) were marked by NIST as being related to CCI-002326.