NIST SP 800-53A AC-20(01) .01

Question: Do the access control policy and the procedures addressing the use of external information systems and the security plan specify that the organization prohibits authorized individuals from using an external information system to access the information system or to process, store, or transmit organization-controlled information except in situations where the organization: (i) verifies, for authorized exceptions, the employment of required security controls on the external system as specified in the organization's information security policy and security plan when allowing connections to the external information system or (ii) approves, for authorized exceptions, information system connection or processing agreements with the organizational entity hosting the external information system?