CCI-002585

Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

Implementation Guidance

Determine if the use of portable storage devices in organizational systems is prohibited when such devices have no identifiable owner.

Validation Procedures

Examine: [SELECT FROM: System media protection policy; system use policy; procedures addressing media usage restrictions; rules of behavior; system design documentation; system configuration settings and associated documentation; audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system media use responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for media use; mechanisms restricting or prohibiting the use of system media on systems or system components].

The controls below (if any) were marked by NIST as being related to CCI-002585.