CCI-002340

Implementation Guidance

Determine if the use of [AC-20(04)_ODP; network-accessible storage devices prohibited from use in external systems are defined] is prohibited in external systems.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing use of network-accessible storage devices in external systems; system design documentation; system configuration settings and associated documentation; system connection or processing agreements; list of network-accessible storage devices prohibited from use in external systems; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for prohibiting the use of network-accessible storage devices in external systems; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms prohibiting the use of network-accessible storage devices in external systems].