Detections
Analytics

CSCv6|8.3

Title

Limit use of external devices to those with an approved, documented business need.

Description

Limit use of external devices to those with an approved, documented business need. Monitor for use and attempted use of external devices. Configure laptops, workstations, and servers so that they will not auto-run content from removable media, like USB tokens (i.e., 'thumb drives'), USB hard drives, CDs/DVDs, FireWire devices, external serial advanced technology attachment devices, and mounted network shares. Configure systems so that they automatically conduct an anti-malware scan of removable media when inserted.

Reference Item Details

Category: Malware Defenses

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.46 Set 'Audit Policy: Object Access: Removable Storage' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.4.2 Configure 'Devices: Restrict floppy access to locally logged-on user only'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.4.3 Set 'Devices: Allowed to format and eject removable media' to 'Administrators and Interactive Users'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.4.4 Configure 'Devices: Restrict CD-ROM access to locally loggedon user only'WindowsCIS Windows 8 L1 v1.0.0
1.1.21 Disable AutomountingUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.21 Disable AutomountingUnixCIS Debian 8 Server L1 v2.0.2
1.1.21 Disable AutomountingUnixCIS Debian 8 Workstation L2 v2.0.2
1.1.22 Disable AutomountingUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.22 Disable AutomountingUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.1.22 Disable AutomountingUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.1.23 Disable AutomountingUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
1.1.23 Disable AutomountingUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.1.23 Disable USB Storage - lsmodUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.1.23 Disable USB Storage - lsmodUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.23 Disable USB Storage - modprobeUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.23 Disable USB Storage - modprobeUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.2.4.1.1 Set 'Turn off Autoplay on' to 'Enabled:All drives'WindowsCIS Windows 8 L1 v1.0.0
2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.8.1 (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.8.3 (L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
Audit Removable StorageWindowsMSCT Windows Server v2004 DC v1.0.0
Audit Removable StorageWindowsMSCT Windows Server 1903 DC v1.19.9
Audit Removable StorageWindowsMSCT Windows 10 1909 v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 1903 v1.19.9
Audit Removable StorageWindowsMSCT Windows 10 v21H2 v1.0.0
Audit Removable StorageWindowsMSCT Windows Server v2004 MS v1.0.0
Audit Removable StorageWindowsMSCT Windows Server v1909 DC v1.0.0
Audit Removable StorageWindowsMSCT Windows Server 2016 MS v1.0.0
Audit Removable StorageWindowsMSCT Windows Server v20H2 DC v1.0.0
Audit Removable StorageWindowsMSCT Windows Server v1909 MS v1.0.0
Audit Removable StorageWindowsMSCT Windows Server 1903 MS v1.19.9
Audit Removable StorageWindowsMSCT Windows Server 2016 DC v1.0.0
Audit Removable StorageWindowsMSCT Windows Server v20H2 MS v1.0.0
Audit Removable StorageWindowsMSCT Windows Server 2019 MS v1.0.0
Audit Removable StorageWindowsMSCT Windows Server 2019 DC v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 1803 v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 1809 v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 v1507 v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 v2004 v1.0.0
Audit Removable StorageWindowsMSCT Windows 10 v20H2 v1.0.0
Devices: Allowed to format and eject removable mediaWindowsMSCT Windows Server 2012 R2 MS v1.0.0
Devices: Allowed to format and eject removable mediaWindowsMSCT Windows Server 2012 R2 DC v1.0.0
Disable AutomountingUnixTenable Cisco Firepower Management Center OS Best Practices Audit
Disallow Autoplay for non-volume devicesWindowsMSCT Windows Server v20H2 DC v1.0.0
Disallow Autoplay for non-volume devicesWindowsMSCT Windows Server v2004 DC v1.0.0