13.2: Remove Sensitive Data or Systems Not Regularly Accessed by Organization
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
The next version of the control set incorporates all or part of this control into: 3.5: Securely Dispose of Data.
Control Statement
Remove sensitive data or systems not regularly accessed by the organization from the network. These systems shall only be used as stand-alone systems (disconnected from the network) by the business unit needing to occasionally use the system or completely virtualized and powered off until needed.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]