https://www.nsa.gov/Resources/Media-Destruction-Guidance/
NSA's Center for Storage Device Sanitization Research (CSDSR) guides the sanitization of information system (IS) storage devices. Resources for a vendor of storage device sanitization, the NSA Evaluated Products Lists (EPLs), and contact information for the Center for Storage Device Sanitization Research are provided on this page.
https://www.opswat.com/blog/removable-media-policy-guidelines-best-practices
Implementing a removable media policy helps organizations control how employees use USB drives, external hard drives, and other portable storage devices. The main purpose is to prevent data breaches and malware infections while keeping sensitive company information secure. These policies set clear rules about what's allowed and what isn't, helping businesses stay compliant with important security standards like ISO 27001, NIST, and Department of Defense requirements.
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-using-usbguard
The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltea59236f183ab31b/5e9e06135352ae292603886c/removable_media_policy.pdf
This sample policy provided by SANS discusses removable media.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt923fb32fd86a4b9f/5e9dd76dc81c45292c0d4f78/technology_equipment_disposal_policy.pdf
This is an equipment disposal policy created by SANS that can be freely used.
https://uit.stanford.edu/security/data-sanitization
This is Stanford University’s policy for data sanitization.
https://pamms.dhs.ga.gov/oit/1916-system-maintenance-policy/
This example policy from the State of Georgia provides a starting point for system maintenance.
https://www.cisa.gov/sites/default/files/publications/RisksOfPortableDevices.pdf
This paper focuses on the risks associated with simple media devices and smart media devices.
Western University – Current Recommended Practices for Destroying Data and/or Data Devices
3.7, 3.7.3, 3.8, 3.8.3 (Maintenance, Media Protection)
https://cybersmart.uwo.ca/for_it_support_providers/procedures_resources/procedures/disposal_guidelines_and_best_practices.html
These are Western University’s recommended practices for destroying data and/or data devices.
YouTube – CMMC 2.0 Control MA L2-3.7.2 – Provide controls on the tools, techniques, mechanisms, and personnel
3.7, 3.7.1, 3.7.2 (Maintenance)
https://www.youtube.com/watch?v=JVookLZAqCk
In this video, Mike breaks down CMMC 2.0 Control MA L2-3.7.2. You need written procedures and documentation of your process for allowing access to your systems. You will have to justify every step of how you run your system on paper through written procedure, and that includes your IT team, who gets access to what, and how they get that access.