3.8.8: Prohibit the use of portable storage devices when such devices have no identifiable owner
Control Family:
Control Type:
Derived
CSF v1.1 References:
Discussion
Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).