Information Technology Reference
In-Depth Information
Category/
Subcategory/ 
Element
Control 
Reference
Control Summary
Interpretation
AC-18
Wireless access
restrictions
The organization: (i) establishes
usage restrictions and
implementation guidance for
wireless technologies; and (ii)
authorizes, monitors, and
controls wireless access to the
information system.
AC-19
Access control for
portable and
mobile devices
The organization: (i) establishes
usage restrictions and
implementation guidance for
organization-controlled portable
and mobile devices; and (ii)
authorizes, monitors, and
controls device access to
organizational information
systems.
AC-20
Use of external
information
systems
The organization establishes terms
and conditions for authorized
individuals to: (i) access the
information system from an
external information system; and
(ii) process, store, and transmit
organization-controlled
information using an external
information system.
At
Awareness and
training
AT-1
Security awareness
and training policy
and procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented security awareness
and training policy that addresses
purpose, scope, roles,
responsibilities, management
commitment, coordination
among organizational entities,
and compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the security awareness and
training policy and associated
security awareness and training
controls.
 
Search WWH ::




Custom Search