
SC-41 Port and I/O Device Access

IL6

>Control Description

Physically or logically disable or remove organization-defined connection ports or input/output devices on the following systems or system components: organization-defined systems or system components.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Connection ports include Universal Serial Bus (USB), Thunderbolt, and Firewire (IEEE 1394). Input/output (I/O) devices include compact disc and digital versatile disc drives. Disabling or removing such connection ports and I/O devices helps prevent the exfiltration of information from systems and the introduction of malicious code from those ports or devices.

Physically disabling or removing ports and/or devices is the stronger action.

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of port and I/O device access?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-41?

Technical Implementation:

  • How is port and I/O device access technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that port and I/O device access remains effective as the system evolves?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-41?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
