AC.L2-3.1.21—Portable Storage Use
Level 2
800-171: 3.1.21
>Control Description
Limit use of portable storage devices on external systems.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy regarding use of portable storage devices on external systems?
- •How do you communicate portable storage restrictions to users?
- •What governance process oversees exceptions to portable storage limitations?
Technical Implementation:
- •What technical controls limit portable storage use on external systems?
- •How do you restrict USB and removable media access?
- •What DLP or endpoint protection enforces portable storage restrictions?
- •How do you detect and prevent unauthorized portable storage use?
- •What technologies encrypt portable storage devices?
Evidence & Documentation:
- •What documentation demonstrates your access control policies and procedures?
- •What access control matrices or permissions documentation can you provide?
- •What access request and approval records can you show?
- •What access review documentation demonstrates periodic reviews?
- •What audit logs demonstrate access control enforcement?
- •What screenshots or configuration exports show access control settings?
Ask AI
Configure your API key to use AI features.