Does your organization have a policy and technical controls to restrict the use of removable media devices?
Explanation
Removable media devices (USB drives, external hard drives, SD cards, etc.) can be used to exfiltrate sensitive data from your systems or introduce malware. Restricting their use through both policy and technical means helps prevent data breaches and malware infections.
Evidence could include: a documented removable media policy, screenshots of technical controls such as device control software configurations, group policy settings that disable USB ports, or data loss prevention (DLP) tool configurations that monitor and restrict file transfers to removable media.
Implementation Example
Restrict the use of removable media to prevent data exfiltration
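As an added example (not part of this questionnaire or any vendor's product), the following PowerShell script reads the registry locations that the Windows Group Policy settings for removable storage and the USB mass-storage driver write to, and reports whether a technical restriction is in place on the endpoint; its output can be captured alongside the written policy as evidence for this control. The policy paths, the "Removable Disks" setup-class GUID and the Deny_* value names are the ones Windows uses for these settings; the PASS/GAP wording is this example's own.

```powershell
# Added audit example (not from the questionnaire): reports the registry values
# written by the removable-storage Group Policy settings and the USBSTOR driver
# start type, so the result can be captured as evidence. Run elevated.

# Device setup-class GUID for "Removable Disks" (USB flash drives, card readers).
$RemovableDisksClass = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value has never been set (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$result = [ordered]@{
    # "All Removable Storage classes: Deny all access" (1 = enabled)
    DenyAllRemovableStorage    = Get-PolicyValue $PolicyRoot 'Deny_All'
    # "Removable Disks: Deny read / write / execute access" (1 = enabled each)
    RemovableDisks_DenyRead    = Get-PolicyValue "$PolicyRoot\$RemovableDisksClass" 'Deny_Read'
    RemovableDisks_DenyWrite   = Get-PolicyValue "$PolicyRoot\$RemovableDisksClass" 'Deny_Write'
    RemovableDisks_DenyExecute = Get-PolicyValue "$PolicyRoot\$RemovableDisksClass" 'Deny_Execute'
    # USB mass-storage driver start type: 4 = disabled, 3 = start on demand (default)
    UsbStorStartType           = Get-PolicyValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
}

# Writes to removable disks (the exfiltration path) are blocked if any of these holds.
$blocked = ($result.DenyAllRemovableStorage -eq 1) -or
           ($result.RemovableDisks_DenyWrite -eq 1) -or
           ($result.UsbStorStartType -eq 4)

[pscustomobject]$result | Format-List
if ($blocked) {
    Write-Output "PASS: removable-media writes are blocked by a technical control on $env:COMPUTERNAME"
} else {
    Write-Output "GAP: no removable-storage restriction found on $env:COMPUTERNAME; check policy deployment"
}
```

A PASS only shows the setting is present on this host; pair it with a Group Policy Results report or your device-control console to show the control is deployed fleet-wide.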
ID: PR.DS-01.226
Context
- Function: PR (PROTECT)
- Category: PR.DS (Data Security)
- Sub-Category: The confidentiality, integrity, and availability of data-at-rest are protected
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?
- Does your organization automatically encrypt or block outbound communications containing sensitive data based on data classification?

