💼 AC-20 Use of External Systems
- ID:
/frameworks/nist-sp-800-53-r5/ac/20
Description​
a. [Selection (one or more): Establish [Assignment: organization-defined terms and conditions]; Identify [Assignment: organization-defined controls asserted to be implemented on external systems]], consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to:
- Access the system from external systems; and
- Process, store, or transmit organization-controlled information using external systems; or b. Prohibit the use of [Assignment: organizationally-defined types of external systems].
Similar​
- Internal
- ID:
dec-c-70810614
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 AC-20 Use of External Systems (L)(M)(H) | 2 | no data | |||
| 💼 FedRAMP Low Security Controls → 💼 AC-20 Use of External Systems (L)(M)(H) | no data | ||||
| 💼 NIST CSF v2.0 → 💼 ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained | 9 | no data | |||
| 💼 NIST CSF v2.0 → 💼 ID.AM-04: Inventories of services provided by suppliers are maintained | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AC-20(1) Use of External Systems _ Limits on Authorized Use | no data | ||||
| 💼 AC-20(2) Use of External Systems _ Portable Storage Devices — Restricted Use | no data | ||||
| 💼 AC-20(3) Use of External Systems _ Non-organizationally Owned Systems — Restricted Use | no data | ||||
| 💼 AC-20(4) Use of External Systems _ Network Accessible Storage Devices — Prohibited Use | no data | ||||
| 💼 AC-20(5) Use of External Systems _ Portable Storage Devices — Prohibited Use | no data |