AC.L3-3.1.2e Restrict Access
Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization.
Source: NIST SP 800-172 3.1.2e
Discussion: Information resources that are not owned, provisioned, or issued by the organization include systems or system components owned by other organizations and personally owned devices. Nonorganizational information resources present significant risks to the organization and complicate the ability to employ a “comply-to-connect” policy or implement component or device attestation techniques to ensure the integrity of the organizational system.
SPRS Score: N/A