AC-20: Use of External Systems
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 04/17/2024
- Before use, external information resources that access, process, store or transmit data controlled by Tarleton State University (Tarleton), must be approved by the Tarleton CISO or their designee. See Control SA-4, Acquisition Process, and Control SA-9, External System Services, for additional information
- Personally owned devices that connect to the Tarleton email system, network, and other information resources must be kept up to date/patched, and use a password, passcode, or another form of authentication to prevent unauthorized access to the device.
- The information resource owner, or designee shall establish terms and conditions for contracting with external information resource providers.