MP-7: Media Use
From NIST's SP800-53:
a. [Selection: Restrict; Prohibit] the use of [Assignment: organization-defined types of system media] on [Assignment: organization-defined systems or system components] using [Assignment: organization-defined controls]; and b. Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| PR.PT-2 | Removable media is protected and its use restricted according to policy |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1025 | Data from Removable Media | Collection |
| T1092 | Communication Through Removable Media | Command and Control |
| T1200 | Hardware Additions | Initial Access |