Navigate

CCI-002585

CCI-002585 Definition

Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed does not use portable storage devices in organization information systems when such devices have no identifiable owner.

Validation Procedures

The organization conducting the inspection/assessment examines a sampling of portable storage devices used in the information system to ensure that the devices have an identifiable owner.

Compelling Evidence

1.) Signed and dated SOP or TTP, referencing section which prohibits portable storage for devices with no identifiable owner

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002585.

Control	Description
MP-7(1)	The organization prohibits the use of portable storage devices in organizational information systems when such devices have no identifiable owner.