CCI-000097
CCI-000097 Definition
Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using organization-defined restrictions.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to restrict or prohibit the use of organization-controlled portable storage devices by authorized individuals on external information systems.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.
Compelling Evidence
1.) Signed and dated system security (SSP) 2.) Signed and dated MOU/MOA with any external information systems