Reference: CMMC 2.11
Family: AC
Level Introduced: 2
Title: Portable Storage Use
Practice:
Limit use of portable storage devices on external systems.
CMMC Clarification:
A portable storage device is a system component that you can insert and remove from a system. You use it to store data or information. Examples of portable storage devices include:
• floppy disks;
• compact/digital video disks (CDs/DVDs);
• flash/thumb drives;
• external hard disk drives; and
• flash memory cards/drives that contain nonvolatile memory.
You can put this practice in place two ways:
• set up a policy that describes the usage restrictions of these devices or
• establish technical means, such as configuring devices to work only when connected to a system to which they can authenticate.
Example
Your organization has a usage restriction policy. It states that users cannot use portable storage devices in external information systems without management approval.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.