MP.L2-3.8.8 Shared Media

CMMC Practice MP.L2-3.8.8 – Shared Media: Prohibit the use of portable storage devices when such devices have no identifiable owner.

Links to Publicly Available Resources


A portable storage device is a small hard drive or solid state device that is designed to hold various types of data. It typically plugs into a laptop or desktop port (e.g., USB port). Due to the small size of the device they can be easily lost. This makes the portable storage device an attractive tool to hack an organization. Since the device can hold any type of file it could contain an executable or document that a staff member opens to determine who owns the portable storage device Therefore, an organization should prohibit use if it cannot trace the device to an owner.