Navigate

CCI-002335

CCI-002335 Definition

The organization permits authorized individuals to use an external information system to store organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002335.

Control	Description
AC-20(1)	The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization: (a): Verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan; or (b): Retains approved information system connection or processing agreements with the organizational entity hosting the external information system.

Control

Description

AC-20(1)

The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization:

(a): Verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan; or

(b): Retains approved information system connection or processing agreements with the organizational entity hosting the external information system.