control_freak | Controls | SC-41 - Port and I/O Device Access

sc-41_odp.02 disable or remove sc-41_odp.01 on the following systems or system components: sc-41_odp.03.

Parameter ID	Definition
sc-41_odp.01	connection ports or input/output devices
sc-41_odp.02	Selection (one): physically logically
sc-41_odp.03	systems or system components

Parameter ID

Definition

sc-41_odp.01

connection ports or input/output devices

sc-41_odp.02

Selection (one):

physically
logically

sc-41_odp.03

systems or system components

Baselines

Guidance

Connection ports include Universal Serial Bus (USB), Thunderbolt, and Firewire (IEEE 1394). Input/output (I/O) devices include compact disc and digital versatile disc drives. Disabling or removing such connection ports and I/O devices helps prevent the exfiltration of information from systems and the introduction of malicious code from those ports or devices. Physically disabling or removing ports and/or devices is the stronger action.

Related controls 2

AC-20 Use of External Systems L M H P
MP-07 Media Use L M H P

SC-41 Port and I/O Device Access

Baselines

Guidance

Related controls 2