CSCv7|13.8

Title

Manage System's External Removable Media's Read/write Configurations

Description

Configure systems not to write data to external removable media, if there is no business need for supporting such devices.

Reference Item Details

Category: Data Protection

Audit Items

View all Reference Audit Items

NamePluginAudit Name
17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 Bitlocker
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 BitLocker
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.9.3.14 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' - EnabledWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' - Enabled: FalseWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' - Enabled: FalseWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' - Enabled: FalseWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.10.9.3.15 Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' - Enabled: FalseWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG