Reference: CMMC 2.0
Level Introduced: 2
Title: Portable Storage Use
Limit use of portable storage devices on external systems.
A portable storage device is a system component that you can insert and remove from a system. You use it to store data or information. Examples of portable storage devices include:
• floppy disks;
• compact/digital video disks (CDs/DVDs);
• flash/thumb drives;
• external hard disk drives; and
• flash memory cards/drives that contain nonvolatile memory.
You can put this practice in place two ways:
• set up a policy that describes the usage restrictions of these devices or
• establish technical means, such as configuring devices to work only when connected to a system to which they can authenticate.
Your organization has a usage restriction policy. It states that users cannot use portable storage devices in external information systems without management approval.