Navigate

CCI-003759

CCI-003759 Definition

Prohibit the use of organization-controlled portable storage devices by authorized individuals on external systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the use of organization-controlled portable storage devices by authorized individuals is prohibited on external systems.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing use of portable storage devices in external systems; system design documentation; system configuration settings and associated documentation; system connection or processing agreements; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for prohibiting the use of portable storage devices in external systems; system/network administrators; organizational personnel with information security responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003759.

Control	Description
AC-20(5)	Prohibit the use of organization-controlled portable storage devices by authorized individuals on external systems.