800-53|AC-20(3)

Title

NON-ORGANIZATIONALLY OWNED SYSTEMS / COMPONENTS / DEVICES

Description

The organization [Selection: restricts; prohibits] the use of non-organizationally owned information systems, system components, or devices to process, store, or transmit organizational information.

Supplemental

Non-organizationally owned devices include devices owned by other organizations (e.g., federal/state agencies, contractors) and personally owned devices. There are risks to using non-organizationally owned devices. In some cases, the risk is sufficiently high as to prohibit such use. In other cases, it may be such that the use of non-organizationally owned devices is allowed but restricted in some way. Restrictions include, for example: (i) requiring the implementation of organization-approved security controls prior to authorizing such connections; (ii) limiting access to certain types of information, services, or applications; (iii) using virtualization techniques to limit processing and storage activities to servers or other system components provisioned by the organization; and (iv) agreeing to terms and conditions for usage. For personally owned devices, organizations consult with the Office of the General Counsel regarding legal issues associated with using such devices in operational environments, including, for example, requirements for conducting forensic analyses during investigations after an incident.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: USE OF EXTERNAL INFORMATION SYSTEMS

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIOS-02-080002 - Apple iOS must not allow backup to remote systems (iCloud).MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080002 - Apple iOS must not allow backup to remote systems (iCloud).MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080003 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080003 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080004 - Apple iOS must not allow backup to remote systems (iCloud Keychain).MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080004 - Apple iOS must not allow backup to remote systems (iCloud Keychain).MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080005 - Apple iOS must not allow backup to remote systems (My Photo Stream).MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080005 - Apple iOS must not allow backup to remote systems (My Photo Stream).MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080006 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080006 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080102 - Apple iOS must implement the management setting: not allow use of Handoff.MDMAirWatch - DISA Apple iOS 10 v1r3
AIOS-02-080102 - Apple iOS must implement the management setting: not allow use of Handoff.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080104 - Apple iOS must implement the management setting: require password when connecting to AirPlay device for the first time.MDMMobileIron - DISA Apple iOS 10 v1r3
AIOS-02-080104 - Apple iOS must implement the management setting: require password when connecting to AirPlay device for the first time.MDMAirWatch - DISA Apple iOS 10 v1r3
GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Google Android 9.x v2r1
GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Google Android 9.x v2r1
GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Google Android 10.x v2r1
GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Google Android 10.x v2r1
GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Google Android 11 COPE v2r1
GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Google Android 11 COBO v2r1
GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Google Android 11 COBO v2r1
GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Google Android 11 COPE v2r1
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Honeywell Android 9.x COBO v1r1
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Honeywell Android 9.x COPE v1r1
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Honeywell Android 9.x COPE v1r1
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Honeywell Android 9.x COBO v1r1
KNOX-07-004900 - The Samsung must be configured to not allow backup to remote systems: Deselect Allow Google Backup.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-004900 - The Samsung must be configured to not allow backup to remote systems: Deselect Allow Google Backup.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-004950 - The Samsung must be configured to not allow backup to remote systems: Disable Allow Google Accounts Auto Sync.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-004950 - The Samsung must be configured to not allow backup to remote systems: Disable Allow Google Accounts Auto Sync.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Motorola Android Pie.x COPE v1r2
MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Motorola Solutions Android 11 COBO v1r2
MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Motorola Solutions Android 11 COBO v1r2
ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Zebra Android 10 COBO v1r2
ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Zebra Android 10 COPE v1r2
ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Zebra Android 10 COBO v1r2
ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Zebra Android 10 COPE v1r2
ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMMobileIron - DISA Zebra Android 11 COBO v1r3
ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems.MDMAirWatch - DISA Zebra Android 11 COBO v1r3