AC-19(4): Restrictions for Classified Information
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- AC-19(4): Restrictions For Classified Information
Control Statement
- Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and
- Enforce the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information:
- Connection of unclassified mobile devices to classified systems is prohibited;
- Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official;
- Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
- Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [Assignment: organization-defined security officials], and if classified information is found, the incident handling policy is followed.
- Restrict the connection of classified mobile devices to classified systems in accordance with [Assignment: organization-defined security policies].
Supplemental Guidance
None.