Cloud Usage and Security, System Communications Protection
MOD, HIGH
P1
No
Sensitive systems co-located with less sensitive systems are accessed by unauthorized parties.
The information system prevents unauthorized and unintended information transfer via shared system resources.
Consideration of shared system resources are evaluated once a risk assessment and data classification are completed.
No statewide control
Obtain system and communications protection policy; procedures addressing information remnants; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if :
(I)the information system prevents unauthorized and unintended information transfer via shared system resources.
