800-53|AC-20(2)

Title

PORTABLE STORAGE DEVICES

Description

The organization [Selection: restricts; prohibits] the use of organization-controlled portable storage devices by authorized individuals on external information systems.

Supplemental

Limits on the use of organization-controlled portable storage devices in external information systems include, for example, complete prohibition of the use of such devices or restrictions on how the devices may be used and under what conditions the devices may be used.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: USE OF EXTERNAL INFORMATION SYSTEMS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.1.1.1 Audit iCloud KeychainUnixCIS Apple macOS 13.0 Ventura v2.0.0 L2
2.1.1.1 Audit iCloud KeychainUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L2
2.1.1.2 Audit iCloud DriveUnixCIS Apple macOS 13.0 Ventura v2.0.0 L2
2.1.1.2 Audit iCloud DriveUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L2
2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 13.0 Ventura v2.0.0 L2
2.1.1.5 Audit Freeform Sync to iCloudUnixCIS Apple macOS 13.0 Ventura v2.0.0 L2
2.1.1.5 Audit Freeform Sync to iCloudUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L2
2.6.1.1 Audit iCloud ConfigurationUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 12.0 Monterey v3.0.0 L2
2.6.1.1 Audit iCloud KeychainUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 12.0 Monterey v3.0.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.2 Audit iCloud DriveUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.2 Audit iCloud KeychainUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Audit iCloud DriveUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 12.0 Monterey v3.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L2
2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is DisabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - DesktopUnixCIS Apple macOS 10.14 v2.0.0 L2
2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - DocumentUnixCIS Apple macOS 10.14 v2.0.0 L2
2.15 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.16 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
2.17.1 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
2.17.1 Audit Internet Accounts for Authorized UseUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMMobileIron - CIS Apple iOS 17 Institution Owned L1
3.2.1.6 Review 'Allow iCloud Keychain' settingsMDMAirWatch - CIS Apple iOS 17 Institution Owned L1
AIOS-11-080201 - Apple iOS must not allow backup to locally connected systems.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-11-080201 - Apple iOS must not allow backup to locally connected systems.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-12-012300 - A managed photo app must be used to take and store work related photos.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-012300 - A managed photo app must be used to take and store work related photos.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-12-012500 - Apple iOS must implement the management setting: enable USB Restricted Mode.MDMMobileIron - DISA Apple iOS 12 v2r1
AIOS-12-012500 - Apple iOS must implement the management setting: enable USB Restricted Mode.MDMAirWatch - DISA Apple iOS 12 v2r1
AIOS-13-012300 - A managed photo app must be used to take and store work-related photos.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-012300 - A managed photo app must be used to take and store work-related photos.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-012500 - Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-012500 - Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013000 - Apple iOS/iPadOS must implement the management setting: disable AirDrop.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013000 - Apple iOS/iPadOS must implement the management setting: disable AirDrop.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013200 - Apple iOS/iPadOS must disable password autofill in browsers and applications.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013200 - Apple iOS/iPadOS must disable password autofill in browsers and applications.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013300 - Apple iOS/iPadOS must disable allow setting up new nearby devices.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013300 - Apple iOS/iPadOS must disable allow setting up new nearby devices.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013400 - Apple iOS/iPadOS must disable password proximity requests.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013400 - Apple iOS/iPadOS must disable password proximity requests.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013500 - Apple iOS/iPadOS must disable password sharing.MDMAirWatch - DISA Apple iOS/iPadOS 13 v2r1
AIOS-13-013500 - Apple iOS/iPadOS must disable password sharing.MDMMobileIron - DISA Apple iOS/iPadOS 13 v2r1