|
controlAC-20
Use of External Systems (AC-20)
[organization-defined] , consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to: Prohibit the use of [organization-defined].
Security Baselines
LOWMODERATEHIGH
access-controlauthorizationleast-privilege
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports19
These related controls work together — a change to one may affect the others.
Enhances5
These enhancements add specific capabilities or refinements to the base control.
Related Controls(12)
AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)LMH
AC-17Remote Access (AC-17)LMH
AC-19Access Control for Mobile Devices (AC-19)LMH
CA-3Information Exchange (CA-3)LMH
PL-2System Security and Privacy Plans (PL-2)LMH
PL-4Rules of Behavior (PL-4)LMH
SA-9External System Services (SA-9)LMH
SC-7Boundary Protection (SC-7)LMH
CA-2Control Assessments (CA-2)LMH
MP-7Media Use (MP-7)LMH
SC-41Port and I/O Device Access (SC-41)Control Enhancements(5)
AC-20(1)Limits on Authorized Use (AC-20(1))
MH
AC-20(2)Portable Storage Devices — Restricted Use (AC-20(2))MH
AC-20(3)Non-organizationally Owned Systems — Restricted Use (AC-20(3))AC-20(4)Network Accessible Storage Devices — Prohibited Use (AC-20(4))AC-20(5)Portable Storage Devices — Prohibited Use (AC-20(5))