PR.DS-01.226

Does your organization have a policy and technical controls to restrict the use of removable media devices?

Explanation

Removable media devices (USB drives, external hard drives, SD cards, etc.) can be used to exfiltrate sensitive data from your systems or introduce malware. Restricting their use through both policy and technical means helps prevent data breaches and malware infections. Evidence could include: a documented removable media policy, screenshots of technical controls such as device control software configurations, group policy settings that disable USB ports, or data loss prevention (DLP) tool configurations that monitor and restrict file transfers to removable media.

Implementation Example

Restrict the use of removable media to prevent data exfiltration

ID: PR.DS-01.226

Context

Function
PR: PROTECT
Category
PR.DS: Data Security
Sub-Category
The confidentiality, integrity, and availability of data-at-rest are protected

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron