3.8.8: Prohibit the use of portable storage devices when such devices have no identifiable owner

Control Family:

Media Protection

Control Type:

Derived

CSF v1.1 References:

Discussion

Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).