AC-20(4): Network Accessible Storage Devices

Control Family:

Parent Control:

AC-20: Use Of External Information Systems

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Information Disclosure

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-20(4): Network Accessible Storage Devices – Prohibited Use

Control Statement

The organization prohibits the use of [Assignment: organization-defined network accessible storage devices] in external information systems.

Supplemental Guidance

Network accessible storage devices in external information systems include, for example, online storage devices in public, hybrid, or community cloud-based systems.