Navigate

CCI-000097

CCI-000097 Definition

Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using organization-defined restrictions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to restrict or prohibit the use of organization-controlled portable storage devices by authorized individuals on external information systems.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.

Compelling Evidence

1.) Signed and dated system security (SSP) 2.) Signed and dated MOU/MOA with any external information systems

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000097.

Control	Description
AC-20(2)	The organization [one of "restricts"/"prohibits"] the use of organization-controlled portable storage devices by authorized individuals on external information systems.