MP.L2-3.8.8—Shared Media
Level 2
800-171: 3.8.8
>Control Description
Prohibit the use of portable storage devices when such devices have no identifiable owner.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy prohibiting unknown/found portable storage devices?
- •How do you communicate this policy to users?
- •What is your process for handling found or unknown storage devices?
- •How do you enforce prohibitions on unidentified portable storage?
Technical Implementation:
- •What technical controls prevent use of unknown USB devices?
- •How do you block unregistered portable storage?
- •What endpoint protection blocks found/unknown devices?
- •What monitoring alerts on connection of unknown devices?
- •What technical enforcement prevents use of unidentified media?
Evidence & Documentation:
- •What media protection policies and procedures can you provide?
- •What media inventory and tracking records can you show?
- •What sanitization certificates demonstrate proper media disposal?
- •What transport documentation shows media accountability during transport?
- •What evidence shows media is properly marked with CUI indicators?
- •What encryption verification shows portable media is encrypted?
- •What access logs show restricted access to media?
Ask AI
Configure your API key to use AI features.