CCI-000095

The organization prohibits authorized individuals from using an external information system to access the information system except in situations where the organization can verify the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.

Details
Associations