CCI-002328

CCI-002328 Definition

Restrict the connection of classified mobile devices to classified systems in accordance with organization-defined security policies.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-002328.

Control	Description
AC-19(4)	The organization: (a): Prohibits the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and (b): Enforces the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information: (1): Connection of unclassified mobile devices to classified information systems is prohibited; (2): Connection of unclassified mobile devices to unclassified information systems requires approval from the authorizing official; (3): Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and (4): Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [one of ], and if classified information is found, the incident handling policy is followed. (c): Restricts the connection of classified mobile devices to classified information systems in accordance with [one of ].

Control

Description

(a): Prohibits the use of unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and

(b): Enforces the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing information systems processing, storing, or transmitting classified information:
- (1): Connection of unclassified mobile devices to classified information systems is prohibited;
- (2): Connection of unclassified mobile devices to unclassified information systems requires approval from the authorizing official;
- (3): Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
- (4): Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [one of ], and if classified information is found, the incident handling policy is followed.

(c): Restricts the connection of classified mobile devices to classified information systems in accordance with [one of ].