This is a sample removable storage policy for the Colorado Department of Education. This article provides an overview of removable media including the risks associated with this technology and how to implement a control policy. McAfee Total Protection to reduce the attack surface NIST resource that define requirements for proper protection of information at rest (e.g, encryption, off-line storage, physical protection) The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. This sample policy provided by SANS discusses removable media. This SANS whitepaper discusses a holistic approach to USB port-security. This article provides an overview of the risks associated with removable media for industrial facilities based on a 2018 Honeywell report. This paper focuses on the risks associated with simple media devices and smart media devices.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC). This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.