800-53|AC-20(1)

Title

LIMITS ON AUTHORIZED USE

Description

The organization permits authorized individuals to use an external information system to access the information system or to process, store, or transmit organization-controlled information only when the organization:

Supplemental

This control enhancement recognizes that there are circumstances where individuals using external information systems (e.g., contractors, coalition partners) need to access organizational information systems. In those situations, organizations need confidence that the external information systems contain the necessary security safeguards (i.e., security controls), so as not to compromise, damage, or otherwise harm organizational information systems. Verification that the required security controls have been implemented can be achieved, for example, by third-party, independent assessments, attestations, or other means, depending on the confidence level required by organizations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CA-2

Category: ACCESS CONTROL

Parent Title: USE OF EXTERNAL INFORMATION SYSTEMS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1.1.1 Audit iCloud Keychain	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
2.1.1.1 Audit iCloud Keychain	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
2.1.1.2 Audit iCloud Drive	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
2.1.1.2 Audit iCloud Drive	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
2.1.1.5 Audit Freeform Sync to iCloud	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
2.1.1.5 Audit Freeform Sync to iCloud	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
2.1.1.6 Audit Find My Mac	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L2
2.1.1.6 Audit Find My Mac	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L2
2.6.1.1 Audit iCloud Configuration	Unix	CIS Apple macOS 10.14 v2.0.0 L2
2.6.1.1 Audit iCloud Keychain	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.1 Audit iCloud Keychain	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.1 Audit iCloud Keychain	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.2 Audit iCloud Drive	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.2 Audit iCloud Drive	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.2 Audit iCloud Drive	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.2 Audit iCloud Keychain	Unix	CIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Audit iCloud Drive	Unix	CIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.4 Audit Find My Mac	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Desktop	Unix	CIS Apple macOS 10.14 v2.0.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Document	Unix	CIS Apple macOS 10.14 v2.0.0 L2
2.15 Audit Internet Accounts for Authorized Use	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.16 Audit Internet Accounts for Authorized Use	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L1
2.17.1 Audit Internet Accounts for Authorized Use	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L1
2.17.1 Audit Internet Accounts for Authorized Use	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L1
3.2.1.6 Review 'Allow iCloud Keychain' settings	MDM	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settings	MDM	MobileIron - CIS Apple iOS 17 Institution Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settings	MDM	AirWatch - CIS Apple iOS 17 Institution Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settings	MDM	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable iCloud Address Book	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable iCloud Bookmarks	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate

Detections

Analytics