Detections
Analytics

800-53|MP-7

Title

MEDIA USE

Description

The organization [Selection: restricts; prohibits] the use of [Assignment: organization-defined types of information system media] on [Assignment: organization-defined information systems or system components] using [Assignment: organization-defined security safeguards].

Supplemental

Information system media includes both digital and non-digital media. Digital media includes, for example, diskettes, magnetic tapes, external/removable hard disk drives, flash drives, compact disks, and digital video disks. Non-digital media includes, for example, paper and microfilm. This control also applies to mobile devices with information storage capability (e.g., smart phones, tablets, E-readers). In contrast to MP-2, which restricts user access to media, this control restricts the use of certain types of media on information systems, for example, restricting/prohibiting the use of flash drives or external hard disk drives. Organizations can employ technical and nontechnical safeguards (e.g., policies, procedures, rules of behavior) to restrict the use of information system media. Organizations may restrict the use of portable storage devices, for example, by using physical cages on workstations to prohibit access to certain external ports, or disabling/removing the ability to insert, read or write to such devices. Organizations may also limit the use of portable storage devices to only approved devices including, for example, devices provided by the organization, devices provided by other approved organizations, and devices that are not personally owned. Finally, organizations may restrict the use of portable storage devices based on the type of device, for example, prohibiting the use of writeable, portable storage devices, and implementing this restriction by disabling or removing the capability to write to such devices.

Reference Item Details

Related: AC-19,PL-4

Category: MEDIA PROTECTION

Family: MEDIA PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Red Hat EL8 Workstation L2 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Oracle Linux 8 Workstation L2 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Oracle Linux 7 v4.0.0 L1 Server
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Oracle Linux 8 Server L1 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Rocky Linux 8 Server L1 v2.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS AlmaLinux OS 8 Server L1 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Red Hat EL8 Server L1 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS AlmaLinux OS 8 Workstation L2 v3.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Rocky Linux 8 Workstation L2 v2.0.0
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS CentOS Linux 7 v4.0.0 L2 Workstation
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Oracle Linux 7 v4.0.0 L2 Workstation
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS Amazon Linux 2 v3.0.0 L1
1.1.1.8 Ensure usb-storage kernel module is not availableUnixCIS CentOS Linux 7 v4.0.0 L1 Server
1.1.10 Disable USB StorageUnixCIS Debian 10 Server L1 v2.0.0
1.1.10 Disable USB StorageUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.1.10 Disable USB StorageUnixCIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1
1.1.10 Disable USB StorageUnixCIS Debian 10 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - blacklistUnixCIS Debian Linux 11 Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - blacklistUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - blacklistUnixCIS Debian Linux 11 Server L1 v1.0.0
1.1.10 Disable USB Storage - blacklistUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Fedora 28 Family Linux Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Debian Linux 11 Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Debian Linux 11 Server L1 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Fedora 28 Family Linux Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Debian Linux 11 Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Debian Linux 11 Server L1 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.13 Disable AutomountingUnixCIS Google Container-Optimized OS L1 Server v1.1.0
1.1.21 Disable AutomountingUnixCIS Debian 8 Workstation L2 v2.0.2
1.1.21 Disable AutomountingUnixCIS Debian 8 Server L1 v2.0.2
1.1.22 Disable AutomountingUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1
1.1.22 Disable AutomountingUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server