NIST CSF: PR.PT-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Removable media is protected and its use restricted according to policy

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
MP-5: Media Transport
MP-4: Media Storage
MP-3: Media Marking
MP-8: Media Downgrading
MP-2: Media Access
MP-7: Media Use

Showing 1 to 6 of 6 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Physical media transfer (8.3.3)
ISO 27001:2013
Handling of assets (8.2.3)
ISO 27001:2013
Management of removable media (8.3.1)
ISO 27001:2013
Labelling of information (8.2.2)
ISO 27001:2013
Classification of information (8.2.1)
ISO 27001:2013
Clear desk and clear screen policy (11.2.9)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Use control for portable and mobile devices (SR 2.3)
ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1052	Exfiltration Over Physical Medium	Exfiltration
T1091	Replication Through Removable Media	Initial Access, Lateral Movement
T1052.001	Exfiltration over USB	Exfiltration
T1025	Data from Removable Media	Collection
T1092	Communication Through Removable Media	Command and Control
T1200	Hardware Additions	Initial Access

Showing 1 to 6 of 6 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B3.c	Stored Data	You have protected stored data important to the operation of the essential function.
B3.e	Media Equipment Sanitisation	You appropriately sanitise media and equipment holding data important to the operation of the essential function.
B3.a	Understanding Data	You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions.
B3.d	Mobile Data	You have protected data important to the operation of the essential function on mobile devices.

Showing 1 to 4 of 4 entries

NIST CSF: PR.PT-2 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Physical media transfer (8.3.3)

Handling of assets (8.2.3)

Management of removable media (8.3.1)

Labelling of information (8.2.2)

Classification of information (8.2.1)

Clear desk and clear screen policy (11.2.9)

Related ISA/IEC 62443 Controls

Use control for portable and mobile devices (SR 2.3)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF