Our CMMC overview course is available!

3.8.8[a]

Determination Statement

The use of portable storage devices is prohibited when such devices have no identifiable owner.

Requirement

Prohibit the use of portable storage devices when such devices have no identifiable owner.

Requirement Discussion

Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall risk of using such technologies by allowing organizations to assign responsibility and accountability for addressing known vulnerabilities in the devices (e.g., insertion of malicious code).

More Info

Family

Media Protection
DoD Scoring Methodology Points

3

Related NIST 800-171 ID

3.8.8
Related CMMC ID

MP.L2-3.8.8
Related NIST 800-53 ID

MP-7(1)
Reference Documents
- N/A

NIST 800-171A Assessment Guidance

Examine

[SELECT FROM: System media protection policy; system use policy; procedures addressing media usage restrictions; security plan; rules of behavior; system design documentation; system configuration settings and associated documentation; system audit logs and records; other relevant documents or records].
Interview

[SELECT FROM: Personnel with system media use responsibilities; personnel with information security responsibilities; system or network administrators].
Test

[SELECT FROM: Organizational processes for media use; mechanisms prohibiting use of media on systems or system components].

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!