NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-43 Usage Restrictions

Establish usage restrictions and implementation guidelines for the following system components: [Assignment: organization-defined system components]; and authorize, monitor, and control the use of such components within the system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Usage restrictions apply to all system components including but not limited to mobile code, mobile devices, wireless access, and wired and wireless peripheral components (e.g., copiers, printers, scanners, optical devices, and other similar technologies). The usage restrictions and implementation guidelines are based on the potential for system components to cause damage to the system and help to ensure that only authorized system use occurs.

Practitioner Notes

Define and enforce usage restrictions for system components that pose elevated risk — things like collaboration tools, removable media, or externally accessible services.

Example 1: Create an acceptable use policy for Microsoft Teams that restricts guest access, prohibits sharing CUI in general channels, and requires sensitivity labels on files shared through Teams. Enforce these restrictions with DLP policies in Microsoft Purview.

Example 2: Restrict the use of personal cloud storage (Dropbox, Google Drive) on corporate devices. Use your web proxy to block access to unauthorized cloud storage services and provide an approved, managed alternative like SharePoint Online or OneDrive for Business.
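
The monitoring side of Example 2, as an added example that is not part of the original page: a small classifier that applies a cloud-storage usage policy to web-proxy log lines and reports requests to unauthorized services. The domain lists, the four-field log format and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy lists for illustration; a real deployment would use a maintained feed.
UNAUTHORIZED = ("dropbox.com", "dropboxusercontent.com", "drive.google.com")
APPROVED = ("sharepoint.com",)  # assumed domain for SharePoint Online / OneDrive for Business

# Constructed sample log, simplified format: timestamp user method target
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice CONNECT www.dropbox.com:443
2024-05-01T09:00:05Z bob GET https://contoso.sharepoint.com/sites/eng
2024-05-01T09:01:10Z carol CONNECT DRIVE.GOOGLE.COM.:443
2024-05-01T09:02:00Z dave GET http://notdropbox.com/
2024-05-01T09:02:30Z erin CONNECT dropbox.com.example.net:443
"""

def host_of(target: str) -> str:
    """Return the lowercase host from a full URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # let urlsplit treat host:port as a netloc
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")  # a trailing dot is the same DNS name

def on_list(host: str, domains) -> bool:
    """Match on label boundaries so notdropbox.com and dropbox.com.example.net do not match."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(target: str) -> str:
    host = host_of(target)
    if on_list(host, APPROVED):
        return "allow"
    if on_list(host, UNAUTHORIZED):
        return "block"
    return "default"  # falls through to the proxy's general policy

def violations(log_text: str):
    """Return (user, host) pairs for requests to unauthorized cloud storage."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _ts, user, _method, target = fields
        if classify(target) == "block":
            hits.append((user, host_of(target)))
    return hits

if __name__ == "__main__":
    for user, host in violations(SAMPLE_LOG):
        print(f"policy violation: {user} -> {host}")
```

Matching on whole DNS labels rather than substrings keeps lookalike hosts out of the report while still catching subdomains, mixed case and trailing-dot forms of the restricted services.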