Navigate

CCI-002340

CCI-002340 Definition

Prohibit the use of organization-defined network accessible storage devices in external systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to prohibit the use of network accessible storage devices defined in AC-20 (4), CCI 2339 in external information systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed prohibits the use of network accessible storage devices defined in AC-20 (4), CCI 2339 in external information systems.

Compelling Evidence

1.) Signed and dated system security plan (SSP) 2.) Signed and dated MOU/MOA with any external information systems that describes how the site prohibits the use of network accessible storage devices defined in AC-20 (4), CCI 2339 in external information systems.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002340.

Control	Description
AC-20(4)	The organization prohibits the use of [organization-defined network accessible storage devices] in external information systems.