AC-19(4)

  • Requirement

    1. Prohibit the use of unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information unless specifically permitted by the authorizing official; and
    2. Enforce the following restrictions on individuals permitted by the authorizing official to use unclassified mobile devices in facilities containing systems processing, storing, or transmitting classified information:
      1. Connection of unclassified mobile devices to classified systems is prohibited;
      2. Connection of unclassified mobile devices to unclassified systems requires approval from the authorizing official;
      3. Use of internal or external modems or wireless interfaces within the unclassified mobile devices is prohibited; and
      4. Unclassified mobile devices and the information stored on those devices are subject to random reviews and inspections by [Assignment: organization-defined security officials], and if classified information is found, the incident handling policy is followed.
    3. Restrict the connection of classified mobile devices to classified systems in accordance with [Assignment: organization-defined security policies].
  • Discussion

    None.

More Info

  • Title

    Access Control for Mobile Devices | Restrictions for Classified Information
  • Family

    Access Control
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      CM-8;IR-4

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!