Navigate

CCI-002337

CCI-002337 Definition

Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after the system retains approved system connection or processing agreements with the organizational entity hosting the external system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002337.

Control	Description
AC-20(1)	The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization: (a): Verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan; or (b): Retains approved information system connection or processing agreements with the organizational entity hosting the external information system.

Control

Description

AC-20(1)

The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization:

(a): Verifies the implementation of required security controls on the external system as specified in the organization’s information security policy and security plan; or

(b): Retains approved information system connection or processing agreements with the organizational entity hosting the external information system.