CSCv7|13.7

Title

Manage USB Devices

Description

If USB storage devices are required, enterprise software should be used that can configure systems to allow the use of specific devices. An inventory of such devices should be maintained.

Reference Item Details

Category: Data Protection

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.10 Disable USB Storage - blacklistUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - blacklistUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Rocky Linux 8 Workstation L2 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Oracle Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Red Hat EL8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS AlmaLinux OS 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Red Hat EL8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Rocky Linux 8 Workstation L2 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS AlmaLinux OS 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Oracle Linux 8 Workstation L2 v2.0.0
1.1.20 Disable AutomountingUnixCIS Amazon Linux 2 STIG v1.0.0 L1
1.3.2 Ensure 'Control use of the WebUSB API' is set to 'Enabled: Do not allow any site to request access to USB'WindowsCIS Microsoft Edge L2 v1.0.1
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.2 Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.3 Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.4 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.5 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.6 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.3.17 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.3.18 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL