MP.L2-3.8.7—Removable Media
Level 2
800-171: 3.8.7
>Control Description
Control the use of removable media on system components.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy for use of removable media?
- •How do you control which removable media devices can be used?
- •What is your approval process for removable media use?
- •How do you prevent unauthorized use of removable media?
- •Who is responsible for monitoring removable media usage?
Technical Implementation:
- •What technical controls restrict removable media use (USB blocking)?
- •What endpoint protection controls removable media?
- •What DLP monitors removable media usage?
- •What logging captures removable media connections?
- •What tools whitelist approved removable media devices?
Evidence & Documentation:
- •What media protection policies and procedures can you provide?
- •What media inventory and tracking records can you show?
- •What sanitization certificates demonstrate proper media disposal?
- •What transport documentation shows media accountability during transport?
- •What evidence shows media is properly marked with CUI indicators?
- •What encryption verification shows portable media is encrypted?
- •What access logs show restricted access to media?
Ask AI
Configure your API key to use AI features.