CCI-002327

CCI-002327 Definition

Defines the security policies which restrict the connection of classified mobile devices to classified systems.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-002327.

Control	Description
AC-19(4)	The organization: (a): Prohibits the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and (b): Enforces the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information: (1): Connection of unclassified mobile devices to classified information systems is prohibited; (2): Connection of unclassified mobile devices to unclassified information systems requires approval from the authorizing official; (3): Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and (4): Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [one of ], and if classified information is found, the incident handling policy is followed. (c): Restricts the connection of classified mobile devices to classified information systems in accordance with [one of ].

Control

Description

(a): Prohibits the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and

(b): Enforces the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information:
- (1): Connection of unclassified mobile devices to classified information systems is prohibited;
- (2): Connection of unclassified mobile devices to unclassified information systems requires approval from the authorizing official;
- (3): Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
- (4): Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [one of ], and if classified information is found, the incident handling policy is followed.

(c): Restricts the connection of classified mobile devices to classified information systems in accordance with [one of ].