Protect wireless access using authentication and encryption.
Control connection of mobile devices.
Encrypt CUI on mobile devices and mobile computing platforms.
Verify and control/limit connections to and use of external systems.
Limit use of portable storage devices on external systems.
Control CUI posted or processed on publicly accessible systems.
Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization.
Employ secure information transfer solutions to control information flows between security domains on connected systems.
Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.