STIGViewer Trial workspace — loading your subscription…

NIST 800-171 v2

110 security requirements available

3.1.21Derived Requirement

Access Control

Security Requirement

Limit use of portable storage devices on external systems.

Discussion

Limits on the use of organization-controlled portable storage devices in external systems include complete prohibition of the use of such devices or restrictions on how the devices may be used and under what conditions the devices may be used. Note that while “external” typically refers to outside of the organization’s direct supervision and authority, that is not always the case. Regarding the protection of CUI across an organization, the organization may have systems that process CUI and others that do not. Among the systems that process CUI there are likely access restrictions for CUI that apply between systems. Therefore, from the perspective of a given system, other systems within the organization may be considered “external" to that system.

Framework
NIST SP 800-171 Rev 2
Family
Access Control
Requirement Type
derived

Related Frameworks

3 paths across 2 frameworks
NIST 800-531 mapping
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI2 mappings
CCI-000097
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003758
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

No STIGs in the current catalog reference any CCI mapped to this control.