Removable media is any form of computer storage or data transfer device that is designed to be inserted and removed from a system. This section provides resources for secure removable storage practices. Implementation Assessment AT&T Cybersecurity – Data Protection This resource provides a list of free and commercial tools used for data protection that includes encryption products. Colorado Department of Education – Sample Removable Storage Policy This is a sample removable storage policy for the Colorado Department of Education. Federal Aviation Administration – Removable Media Security Policy This sample policy from the FAA addresses the additional security requirements to assist in preventing data. InfoSec Institute – The Security Awareness Hazards of Removable Media This article provides an overview of removable media including the risks associated with this technology and how to implement a control policy. ISO 27001 Guide – Guide to Removable Media Policy Development This article provides a guide to the implementation of ISO 27001 Management of Removable Media Requirements McAfee Device Control McAfee Device Control protects critical data from leaving your company through removable media, such as USB drives, Apple iPods, Bluetooth devices, and recordable CDs and DVDs. NIST SP 800-53: SC-28 Protection of Information at Rest NIST resource that define requirements for proper protection of information at rest (e.g, encryption, off-line storage, physical protection) SANS – Removable Media Policy This sample policy provided by SANS discusses removable media. SANS Whitepaper – Ubiquitous Security Backdoor (USB) This SANS whitepaper discusses a holistic approach to USB port-security. Tripwire – USB Threats to Cybersecurity of Industrial Facilities This article provides an overview of the risks associated with removable media for industrial facilities based on a 2018 Honeywell report. US-CERT – The Risk of Using Portable Devices Video – Controlling the Use of USB Drives on Red Hat Systems In this video, a security engineer describes the steps to take in order to control USB drives on Red Hat systems. NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1. NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.