SC-41: Port and I/O Device Access

Control Family:

System and Communications Protection

Threats Addressed:

Tampering
Information Disclosure

Baselines:

Low
N/A
Moderate
N/A
High
N/A
Privacy
N/A

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-41: Port And I/O Device Access

Control Statement

[Assignment: Physically, Logically] disable or remove [Assignment: organization-defined connection ports or input/output devices] on the following systems or system components: [Assignment: organization-defined systems or system components].

Supplemental Guidance

Connection ports include Universal Serial Bus (USB), Thunderbolt, and Firewire (IEEE 1394). Input/output (I/O) devices include compact disc and digital versatile disc drives. Disabling or removing such connection ports and I/O devices helps prevent the exfiltration of information from systems and the introduction of malicious code from those ports or devices. Physically disabling or removing ports and/or devices is the stronger action.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 7.1