NIST 800-53 REV 5 • ACCESS CONTROL

AC-20(4) Network Accessible Storage Devices — Prohibited Use

Prohibit the use of {{ insert: param, ac-20.04_odp }} in external systems.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Network-accessible storage devices in external systems include online storage devices in public, hybrid, or community cloud-based systems.

Practitioner Notes

Prohibit the use of network-accessible storage devices (such as NAS appliances or cloud storage buckets) that the organization has not authorized. Unauthorized storage creates data leakage risks because data written there sits outside the organization's access controls, monitoring, and retention processes.

Example 1: Block access to consumer cloud storage services (Dropbox, Google Drive, personal OneDrive) at the proxy/firewall level. In Zscaler, block the Cloud Storage URL category. Allow only your organization's approved cloud storage (corporate OneDrive, corporate SharePoint).

Example 2: Use your network monitoring tool (PRTG, SolarWinds) to scan for unauthorized NAS devices on the network. Alert on any new SMB/CIFS share or NFS export that appears on the network and is not in your asset inventory. Investigate and remove unauthorized devices.
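The inventory comparison behind Example 2, as an added illustration that is not part of the NIST control text or any product's own logic: it takes a scan export of open ports, treats SMB/CIFS and NFS ports as storage services, and flags hosts that serve files without being authorized to. The scan results, asset inventory, and authorized-storage list are constructed sample data; in practice the monitoring tool's export would be fed in.

```python
from dataclasses import dataclass

# Ports that indicate a network-accessible storage service.
STORAGE_PORTS = {445: "SMB/CIFS", 139: "SMB/CIFS (NetBIOS)", 2049: "NFS"}


@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    reason: str


# Constructed inventory: hosts authorized to offer file shares.
AUTHORIZED_STORAGE = {"10.0.1.10", "10.0.1.11"}
# Constructed inventory of every managed asset (anything known to IT).
KNOWN_ASSETS = AUTHORIZED_STORAGE | {"10.0.2.50", "10.0.2.51"}

# Constructed scan export: (host, open_port) pairs.
SCAN_RESULTS = [
    ("10.0.1.10", 445),   # corporate file server, authorized
    ("10.0.2.50", 445),   # managed workstation exposing a share
    ("10.0.3.77", 445),   # unknown device offering SMB
    ("10.0.3.77", 2049),  # same unknown device offering NFS
    ("10.0.2.51", 22),    # SSH only, not a storage service
]


def find_unauthorized_storage(scan, known_assets, authorized_storage):
    """Return one Finding per (host, service) where a storage service
    is exposed by a host not authorized to serve files."""
    findings, seen = [], set()
    for host, port in scan:
        service = STORAGE_PORTS.get(port)
        if service is None or host in authorized_storage:
            continue  # not storage, or an approved file server
        if (host, service) in seen:
            continue  # report each host/service pair once
        seen.add((host, service))
        reason = ("managed host not authorized to serve files"
                  if host in known_assets else "host not in asset inventory")
        findings.append(Finding(host, service, reason))
    return findings


if __name__ == "__main__":
    for f in find_unauthorized_storage(SCAN_RESULTS, KNOWN_ASSETS, AUTHORIZED_STORAGE):
        print(f"ALERT {f.host} {f.service}: {f.reason}")
```

Hosts absent from the inventory are the highest-priority alerts (a likely rogue NAS); a managed host unexpectedly sharing files usually points to a misconfiguration rather than an unknown device.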