AC-19(4)
-
Requirement
- Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and
- Enforce the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information:
- Connection of unclassified mobile devices to classified systems is prohibited;
- Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official;
- Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
- Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [Assignment: organization-defined security officials], and if classified information is found, the incident handling policy is followed.
- Restrict the connection of classified mobile devices to classified systems in accordance with [Assignment: organization-defined security policies].
-
Discussion
None.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!