AC-19(4): Restrictions for Classified Information

Control Family:

Access Control

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

  1. Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and
  2. Enforce the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information:
    1. Connection of unclassified mobile devices to classified systems is prohibited;
    2. Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official;
    3. Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
    4. Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [Assignment: organization-defined security officials], and if classified information is found, the incident handling policy is followed.
  3. Restrict the connection of classified mobile devices to classified systems in accordance with [Assignment: organization-defined security policies].

Supplemental Guidance

None.