Catalina - Disable Removable Storage Devices

Information

Removable media, such as USB connected external hard drives, thumb drives, and optical media, _MUST_ be disabled for users.

Disabling removable storage devices reduces the risks and known vulnerabilities of such devices (e.g., malicious code insertion)

[IMPORTANT]
====
Some organizations rely on the use of removable media for storing and sharing data. Information System Security Officers (ISSOs) may make the risk-based decision not to disable external hard drives to avoid losing this functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.systemuiserver:
mount-controls:
harddisk-external
alert
eject

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-7, CCE|CCE-84782-2

Plugin: Unix

Control ID: 35acf7aece6c6883db91dbf012a4b493becf8100e1f39d45594097acd50b163f