CCI-002335

The organization permits authorized individuals to use an external information system to store organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization^s information security policy and security plan.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to permit authorized individuals to use an external information system to store organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed permits authorized individuals to use an external information system to store organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan.

Compelling Evidence

1.) Signed and dated system security (SSP) 2.) Signed and dated MOU/MOA with any external information systems

The controls below (if any) were marked by NIST as being related to CCI-002335.