SC-41

Requirement

[Selection: Physically; Logically] disable or remove [Assignment: organization-defined connection ports or input/output devices] on the following systems or system components: [Assignment: organization-defined systems or system components].

Discussion

Connection ports include Universal Serial Bus (USB), Thunderbolt, and Firewire (IEEE 1394). Input/output (I/O) devices include compact disc and digital versatile disc drives. Disabling or removing such connection ports and I/O devices helps prevent the exfiltration of information from systems and the introduction of malicious code from those ports or devices. Physically disabling or removing ports and/or devices is the stronger action.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; access control policy and procedures; procedures addressing port and input/output device access; system design documentation; system configuration settings and associated documentation; system architecture; systems or system components; list of connection ports or input/output devices to be physically disabled or removed on systems or system components; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system].

Test

[SELECT FROM: Mechanisms supporting and/or implementing the disabling of connection ports or input/output devices].

ID	Assessment Objectives
SC-41	<SC-41_ODP[01] connection ports or input/output devices> are <SC-41_ODP[02] SELECTED PARAMETER VALUE> disabled or removed on <SC-41_ODP[03] systems or system components>.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!