CMMC 1.0 Practice MP.2.121 Requirement:

Control the use of removable media on system components.

CMMC 1.0 MP.2.121 Requirement Explanation:

Removable storage devices such as USB thumb drives can contain malware. If you allow them on your systems, you increase the risk of malware infection. USB thumb drives are also a convenient way to extract data from your environment. By controlling the use of removable storage devices, you can improve your security posture.

Example CMMC 1.0 MP.2.121 Implementation:

Write a policy restricting the use of removable media. Your objective is to limit removable media to the smallest number needed. Ideally, you should block all removable storage devices from functioning on your systems unless they are on a whitelist. Scan all removable storage media for viruses on a separate computer before using them on your systems. If possible, configure your antivirus software to scan removable storage devices. Create an inventory of removable media controlled by your organization. Document who is in possession of each item and their business justification.
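The inventory and whitelist described above can be checked against the devices actually seen on your systems. The following is an added example, not part of the original guidance: the CSV layout, serial numbers, host names and user names are constructed assumptions, and the connection events stand in for whatever your endpoint tooling records.

```python
import csv
import io

# Constructed inventory: one row per organization-controlled device.
INVENTORY_CSV = """serial,holder,justification
4C530001230507113252,john,Transfer of test data to lab systems
AA00000000000489,maria,
"""

# Constructed connection events: (host, user, device serial reported by the OS).
EVENTS = [
    ("ws-014", "john", "4c530001230507113252"),   # whitelisted, documented holder
    ("ws-014", "john", "0123456789ABCDEF"),       # personal drive, not inventoried
    ("ws-022", "peter", "4C530001230507113252"),  # company drive, wrong person
    ("ws-031", "maria", "AA00000000000489"),      # inventoried, no justification
]

def norm(serial):
    """Serials are compared case-insensitively and without padding."""
    return serial.strip().upper()

def load_inventory(text):
    """Return ({serial: row}, [serials whose record lacks holder or justification])."""
    inventory, incomplete = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        serial = norm(row["serial"])
        inventory[serial] = row
        if not row["holder"].strip() or not row["justification"].strip():
            incomplete.append(serial)
    return inventory, incomplete

def audit(events, inventory, incomplete):
    """Return one finding per event that the policy does not cover."""
    findings = []
    for host, user, serial in events:
        s = norm(serial)
        record = inventory.get(s)
        if record is None:
            findings.append((host, user, s, "not in inventory: block"))
        elif s in incomplete:
            findings.append((host, user, s, "inventory record incomplete"))
        elif record["holder"].strip().lower() != user.lower():
            findings.append((host, user, s, "used by someone other than documented holder"))
    return findings

if __name__ == "__main__":
    inv, missing = load_inventory(INVENTORY_CSV)
    for finding in audit(EVENTS, inv, missing):
        print(*finding, sep=" | ")
```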

CMMC 1.0 MP.2.121 Scenario(s):

- Scenario 1:

An employee named John submits a ticket requesting a USB thumb drive. He tried to use a personal thumb drive, but it was blocked by his computer. After verifying the business need, you provide him a company thumb drive. Because the thumb drive has been whitelisted, it functions on John's computer and is scanned by his antivirus.
 
