CMMC Practice MP.L2-3.8.8 – Shared Media: Prohibit the use of portable storage devices when such devices have no identifiable owner.
Links to Publicly Available Resources
- This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- This is a sample removable storage policy for the Colorado Department of Education.
- CrowdStrike webpage providing security tips and resources for considerations on least privilege.
- The DCSA CUI Program Office is dedicated to providing up-to-date information, tools, and resources to support Industry's implementation of CUI programs. This Defense Counterintelligence and Security Agency (DCSA) Controlled Unclassified Information (CUI) webpage is routinely updated with news and information related to DCSA's CUI oversight responsibilities.
- The cybersecurity risk of using unknown QR codes and how to mitigate it.
- This article provides an overview of removable media, including the risks associated with this technology and how to implement a control policy.
- McAfee Total Protection to reduce the attack surface.
- This article breaks down CMMC Section 3.8, which focuses on media protection for media that contains controlled unclassified information (CUI).
- The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes.
- This sample policy provided by SANS discusses removable media.
- This SANS whitepaper discusses a holistic approach to USB port security.
- This article provides an overview of the risks associated with removable media for industrial facilities, based on a 2018 Honeywell report.
- This GSA IT Security MP Procedurals reference provides guidance for the MP security controls identified in NIST SP 800-53 and federal contractor media protection requirements.
- This paper focuses on the risks associated with simple media devices and smart media devices.
Discussion [NIST SP 800-171 R2]
Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).
Further Discussion
A portable storage device is a system component that can be inserted into and removed from a system and is used to store data or information. It typically plugs into a laptop or desktop port (e.g., USB port). These devices can contain malicious files that can lead to a compromise of a connected system. Therefore, use should be prohibited if the device cannot be traced to an owner who is responsible and accountable for its security.
This practice, MP.L2-3.8.8, furthers the protections provided by MP.L2-3.8.7 by prohibiting unidentified media use even if that media type is allowable.