πΌ AC-20 Use of External Systems (L)(M)(H)
- Contextual name: πΌ AC-20 Use of External Systems (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/ac/20 - Located in: πΌ Access Control
Descriptionβ
a. [Selection (one-or-more): Establish [Assignment: organization-defined terms and conditions]; Identify [Assignment: organization-defined controls asserted to be implemented on external systems]], consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:
- Access the system from external systems; and
- Process, store, or transmit organization-controlled information using external systems; or
b. Prohibit the use of [Assignment: organizationally-defined types of external systems].
AC-20 Additional FedRAMP Requirements and Guidance:
Guidance: The interrelated controls of AC-20, CA-3, and SA-9 should be differentiated as follows:
-
AC-20 describes system access to and from external systems.
-
CA-3 describes documentation of an agreement between the respective system owners when data is exchanged between the CSO and an external system.
-
SA-9 describes the responsibilities of external system owners. These responsibilities would typically be captured in the agreement required by CA-3.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/ac/20/frameworks/fedramp-high-security-controls/ac/20
- Internal
- ID:
dec-c-82436250
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ AC-20 Use of External Systems (L)(M)(H) | 2 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-20 Use of External Systems | 5 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|