Navigate

MP-7(1)

MP-7(1): Prohibit Use Without Owner

The organization prohibits the use of portable storage devices in organizational information systems when such devices have no identifiable owner.

Supplemental

Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., malicious code insertion).

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to MP-7(1).

Control	Description
PL-4	The organization: a: Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage; b: Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system; c: Reviews and updates the rules of behavior [organization-defined frequency]; and d: Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.

Control

Description

PL-4

The organization:

a: Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage;

b: Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system;

c: Reviews and updates the rules of behavior [organization-defined frequency]; and

d: Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.

Enhancements

The controls below (if any) add on to the requirements of MP-7(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to MP-7(1).

CCI	Definition
CCI-002585	Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.