NIST SP 800-171 & CMMC 2.0 3.8.7 Requirement:
Control the use of removable media on system components.
NIST SP 800-171 & CMMC 2.0 3.8.7 Requirement Explanation:
Removable storage devices such as USB thumb drives can contain malware. If you allow the use of them on your systems you increase the risk of malware infections. USB thumb drives are also a convenient way to extract data from your environment. By controlling the use of removable storage devices you can improve your security posture.
Example NIST SP 800-171 & CMMC 2.0 3.8.7 Implementation:
Write a policy restricting the use of removable media. Your objective is to limit removable media to the smallest number needed. Ideally, you should block all removable storage devices from functioning on your systems unless they are on a white list. Scan all removable storage media for viruses on a separate computer before using them on your systems. If possible, configure your anti-virus software to scan removable storage devices. Create an inventory of removable media controlled by your organization.
NIST SP 800-171 & CMMC 2.0 3.8.7 Scenario(s):
- Scenario 1:
An employee named John submits a ticket requesting a USB thumb drive. He tried to use a personnel thumb drive but it was blocked by his computer. After verifying the business need you provide him a company-owned encrypted thumb drive. Because the thumb drive has been whitelisted it functions on John's computer. John's anti-virus software automatically scans the USB drive for malware.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you