Reference: CMMC 2.11
Family: MP
Level Introduced: 2
Title: Removable Media
Practice:
Control the use of removable media on system components.
CMMC Clarification:
Removable media is any type of media storage that you can remove from your computer or machine, for example, CDs, DVDs, diskettes and USB drives. Write a specific policy for removable media for your company. The policy should cover that there are two types of removable media: write-once media and rewritable media. Limit the use of removable media to the smallest number needed. Scan all removable media for viruses. Track removable media that you own and make sure you reuse and dispose of it properly.
Example
You are in charge of IT operations at your company. You establish a policy for USB drives. All of them must be scanned for viruses and bugs before use on the company's networks. You set up a separate computer to scan these drives before anyone uses them on the network. This computer has anti-virus software installed that is kept up to date.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.