AC-20(4): Network Accessible Storage Devices

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization prohibits the use of [Assignment: organization-defined network accessible storage devices] in external information systems.

Supplemental Guidance

Network accessible storage devices in external information systems include, for example, online storage devices in public, hybrid, or community cloud-based systems.