Navigate

SC-41

SC-41: Port And I/O Device Access

The organization physically disables or removes [Assignment: organization-defined connection ports or input/output devices] on [Assignment: organization-defined information systems or information system components].

Supplemental

Connection ports include, for example, Universal Serial Bus (USB) and Firewire (IEEE 1394). Input/output (I/O) devices include, for example, Compact Disk (CD) and Digital Video Disk (DVD) drives. Physically disabling or removing such connection ports and I/O devices helps prevent exfiltration of information from information systems and the introduction of malicious code into systems from those ports/devices.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SC-41.

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SC-41.

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-41.

CCI	Definition
CCI-002544	The organization defines the information systems or information system components on which organization-defined connection ports or input/output devices are to be physically disabled or removed.
CCI-002545	The organization defines the connection ports or input/output devices that are to be physically disabled or removed from organization-defined information systems or information system components.
CCI-002546	The organization physically disables or removes organization-defined connection ports or input/output devices on organization-defined information systems or information system components.