NIST SP 800-171 & CMMC 2.0 3.8.7 Requirement:

Control the use of removable media on system components.

NIST SP 800-171 & CMMC 2.0 3.8.7 Requirement Explanation:

Removable storage devices such as USB thumb drives can contain malware. If you allow their use on your systems, you increase the risk of malware infections. USB thumb drives are also a convenient way to extract data from your environment. By controlling the use of removable storage devices, you can improve your security posture.

Example NIST SP 800-171 & CMMC 2.0 3.8.7 Implementation:

Write a policy restricting the use of removable media. Your objective is to limit removable media to the smallest number needed. Ideally, you should block all removable storage devices from functioning on your systems unless they are on a whitelist. Scan all removable storage media for viruses on a separate computer before using them on your systems. If possible, configure your anti-virus software to scan removable storage devices. Create an inventory of removable media controlled by your organization.
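An added example, not part of the original page: a Python audit that checks USB mass-storage attach events against the removable-media inventory, matching on vendor ID, product ID, and serial number together. Using Linux kernel log lines as the event source is an assumption, and the log lines, inventory entry, and asset tag are constructed.

```python
import re

# Constructed inventory of organization-controlled media, keyed by
# (vendor ID, product ID, serial number). All values are made up.
INVENTORY = {("0781", "5583", "AA0000000001"): "USB-0001 (issued to John)"}

# Constructed log lines in the format the Linux kernel prints on USB attach.
SAMPLE_LOG = """\
usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
usb 1-2: SerialNumber: AA0000000001
usb-storage 1-2:1.0: USB Mass Storage device detected
usb 1-3: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00
usb 1-3: SerialNumber: ZZ9999999999
usb-storage 1-3:1.0: USB Mass Storage device detected
usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
usb 1-5: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
usb-storage 1-5:1.0: USB Mass Storage device detected
"""

FOUND = re.compile(r"usb (\S+): New USB device found, "
                   r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")

def audit(log_text, inventory):
    """Return one finding per mass-storage attach, checked against the inventory."""
    seen, findings = {}, []
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            # A new enumeration on a port replaces whatever was there before.
            seen[m.group(1)] = [m.group(2), m.group(3), None]
        elif m := SERIAL.search(line):
            if m.group(1) in seen:
                seen[m.group(1)][2] = m.group(2)
        elif m := STORAGE.search(line):
            # Non-storage devices (the keyboard on port 1-4) never reach here.
            vid, pid, serial = seen.get(m.group(1), [None, None, None])
            # Match on the full triple: a drive of an approved model with a
            # missing or different serial is still not an inventoried device.
            asset = inventory.get((vid, pid, serial))
            findings.append({"port": m.group(1), "vid": vid, "pid": pid,
                             "serial": serial, "asset": asset,
                             "approved": asset is not None})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, INVENTORY):
        status = "approved" if f["approved"] else "NOT IN INVENTORY"
        print(f"{f['port']}  {f['vid']}:{f['pid']}  serial={f['serial']}  {status}")
```

Findings marked as not in the inventory are the ones to reconcile against tickets such as the request in Scenario 1.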

NIST SP 800-171 & CMMC 2.0 3.8.7 Scenario(s):

- Scenario 1:

An employee named John submits a ticket requesting a USB thumb drive. He tried to use a personal thumb drive, but it was blocked by his computer. After verifying the business need, you provide him a company-owned encrypted thumb drive. Because the thumb drive has been whitelisted, it functions on John's computer. John's anti-virus software automatically scans the USB drive for malware.
 
