Use of USB drives and removable media is governed and limited.
What it actually means
Removable media (USB drives especially) is a top vector for malware and data loss. Control its use — through policy plus technical controls (blocking or restricting USB storage via endpoint/MDM policy, or allowing only approved encrypted devices).
Pass or fail — an assessor needs a "yes" to each
- A policy governs removable-media use.
- Technical controls enforce it (block/restrict USB storage, or allow only approved devices).
- Use is monitored.
What to have ready
- Removable-media policy
- Endpoint/MDM device-control configuration
- Monitoring/logging of removable-media use
Where teams trip up
- Unrestricted USB ports on CUI systems
- Policy with no technical enforcement
- No monitoring of what's plugged in
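
The "allow only approved devices" and "use is monitored" checks can be combined in one detection, shown here as an added example that is not part of the original page. It assumes Linux endpoints whose kernel log is collected centrally; the allowlist, the log sample and the function name are hypothetical, and the device IDs and serials are constructed.

```python
import re

# Constructed sample of Linux kernel log lines (usb core / usb-storage message
# format); every device ID and serial number below is a made-up sample value.
SAMPLE_LOG = """\
[ 101.10] usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 101.11] usb 1-2: SerialNumber: APPROVED0001
[ 101.20] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 230.40] usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[ 415.70] usb 2-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 415.71] usb 2-1: SerialNumber: UNKNOWN9999
[ 415.80] usb-storage 2-1:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of approved encrypted drives: (vendor, product, serial).
APPROVED = {("0951", "1666", "APPROVED0001")}

FOUND = re.compile(r"usb (\S+): New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage ([^:\s]+):\S+: USB Mass Storage device detected")


def unapproved_storage(log, approved):
    """Return (port, vendor, product, serial) for each storage attach not on the allowlist."""
    devices = {}  # port -> identity of the device most recently enumerated on it
    alerts = []
    for line in log.splitlines():
        if m := FOUND.search(line):
            devices[m[1]] = {"vid": m[2].lower(), "pid": m[3].lower(), "serial": None}
        elif m := SERIAL.search(line):
            if m[1] in devices:
                devices[m[1]]["serial"] = m[2]
        elif m := STORAGE.search(line):
            d = devices.get(m[1], {"vid": None, "pid": None, "serial": None})
            ident = (d["vid"], d["pid"], d["serial"])
            if ident not in approved:  # unknown or serial-less devices fail closed
                alerts.append((m[1],) + ident)
    return alerts


if __name__ == "__main__":
    for alert in unapproved_storage(SAMPLE_LOG, APPROVED):
        print("unapproved USB storage:", alert)
```

Non-storage devices such as the keyboard on port 1-3 are ignored, while a storage attach with no matching allowlist entry is reported even when its serial number is missing.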