3.8.8: Prohibit the use of portable storage devices when such devices have no identifiable owner

Control Family:

Media Protection

Control Type:


CSF v1.1 References:


Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).