Description:
Limits on the use of organization-controlled portable storage devices in external systems include complete prohibition of the use of such devices or restrictions on how the devices may be used and under what conditions the devices may be used. Note that while “external” typically refers to outside of the organization’s direct supervision and authority, that is not always the case. Regarding the protection of CUI across an organization, the organization may have systems that process CUI and others that do not. Among the systems that process CUI, there are likely access restrictions for CUI that apply between systems. Therefore, from the perspective of a given system, other systems within the organization may be considered “external” to that system.
Priority: High
Category: Baseline Security Configurations
Services Associated with AWS:
- AWS Identity and Access Management (IAM), AWS Organizations, AWS Security Hub
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Technical: screenshot of the technology used to prevent the use of portable storage devices on external systems.
Possible Technology Considerations:
- Secure Baseline Configurations (SBC)
What needs to be answered:
Are there restrictions or guidelines placed on the use of portable storage devices (USB drives)?
- Establish Restrictions on Use of Portable Storage Devices on External Systems
  Description: This check ensures that restrictions are in place for the use of organization-controlled portable storage devices on external systems. Restrictions may include complete prohibition of such devices or limitations on how and under what conditions they can be used.
- Enforce Prohibition of Portable Storage Devices on External Systems
  Description: This check verifies that the use of organization-controlled portable storage devices is completely prohibited on external systems, providing a stringent control measure to prevent unauthorized access or data breaches.
- Implement Usage Policies for Portable Storage Devices
  Description: This check confirms that usage policies are in place for organization-controlled portable storage devices on external systems. The policies define how the devices may be used and specify the conditions under which they can be used, ensuring proper control and management of portable storage devices.
More Details:
Policies and controls in place regarding storage of company information on removable media.