AC-20(1)—Use of External Systems (1)
>Control Description
Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after:
a. Verification of the implementation of controls on the external system as specified in the organization’s security and privacy policies and security and privacy plans; or
b. Retention of approved system connection or processing agreements with the organizational entity hosting the external system.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.