MP-7(1): Prohibit Use Without Owner
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
- Moderate
- High
Control is withdrawn in the next version of this control set and incorporated into: MP-7: Media Use.
Control Statement
The organization prohibits the use of portable storage devices in organizational information systems when such devices have no identifiable owner.
Supplemental Guidance
Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., malicious code insertion).