3.1.2e
-
Requirement
Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization.
-
Discussion
Information resources that are not owned, provisioned, or issued by the organization include systems or system components owned by other organizations and personally owned devices. Nonorganizational information resources present significant risks to the organization and complicate the ability to employ a “comply-to-connect” policy or implement component or device attestation techniques to ensure the integrity of the organizational system.
NIST 800-172A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!