CCI-002337

Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after the system retains approved system connection or processing agreements with the organizational entity hosting the external system.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to permit authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization retains approved information system connection or processing agreements with the organizational entity hosting the external information system.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization retains approved information system connection or processing agreements with the organizational entity hosting the external information system.

Compelling Evidence

1.) Signed and dated system security (SSP) 2.) Signed and dated MOU/MOA with any external information systems

The controls below (if any) were marked by NIST as being related to CCI-002337.