800-53|AC-20(1)

Title

LIMITS ON AUTHORIZED USE

Description

The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization:

Supplemental

This control enhancement recognizes that there are circumstances where individuals using external information systems (e.g., contractors, coalition partners) need to access organizational information systems. In those situations, organizations need confidence that the external information systems contain the necessary security safeguards (i.e., security controls), so as not to compromise, damage, or otherwise harm organizational information systems. Verification that the required security controls have been implemented can be achieved, for example, by third-party, independent assessments, attestations, or other means, depending on the confidence level required by organizations.

Reference Item Details

Related: CA-2

Category: ACCESS CONTROL

Parent Title: USE OF EXTERNAL INFORMATION SYSTEMS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.1.1 Audit iCloud KeychainUnixCIS Apple macOS 13.0 Ventura v3.0.0 L2
2.1.1.1 Audit iCloud KeychainUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L2
2.1.1.1 Audit iCloud KeychainUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L2
2.1.1.2 Audit iCloud DriveUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L2
2.1.1.2 Audit iCloud DriveUnixCIS Apple macOS 13.0 Ventura v3.0.0 L2
2.1.1.2 Audit iCloud DriveUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 13.0 Ventura v3.0.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L2
2.1.1.5 Audit Freeform Sync to iCloudUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L2
2.1.1.5 Audit Freeform Sync to iCloudUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L2
2.1.1.5 Audit Freeform Sync to iCloudUnixCIS Apple macOS 13.0 Ventura v3.0.0 L2
2.1.1.6 Audit Find My MacUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L2
2.1.1.6 Audit Find My MacUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L2
2.1.1.6 Audit Find My MacUnixCIS Apple macOS 13.0 Ventura v3.0.0 L2
2.6.1.1 Audit iCloud ConfigurationUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.2 Audit iCloud KeychainUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Audit iCloud DriveUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.4 Audit Find My MacUnixCIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - DesktopUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - DocumentUnixCIS Apple macOS 10.14 v2.0.0 L2
2.15 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.16 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 12.0 Monterey v3.1.0 L1
2.17.1 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 15.0 Sequoia v1.0.0 L1
2.17.1 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 13.0 Ventura v3.0.0 L1
2.17.1 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 14.0 Sonoma v2.0.0 L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMMobileIron - CIS Apple iPadOS 17 Institutionally Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMMobileIron - CIS Apple iOS 17 Institution Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMAirWatch - CIS Apple iOS 17 Institution Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMAirWatch - CIS Apple iPadOS 17 Institutionally Owned L1
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable iCloud Address BookUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable iCloud BookmarksUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable iCloud BookmarksUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High