Pro audit program · v1.0

Removable Media & USB Control

USB drives, SD cards and external SSDs are the easiest exfiltration and infection vector. This program is a focused control set for removable media.

  • General target area
  • CIS Controls framework
  • 5 controls in this program
  • Cyentrix (Trusted Author)

Risks addressed

  • High: Malware introduced via USB into the network
  • High: Confidential data copied to unencrypted USB
  • Medium: Found-and-plugged USB social engineering attack

Controls (5)

  1. USB mass-storage blocked by default

    High

    How to test + evidence

    Testing procedure: Verify that endpoint policy disables removable storage unless explicitly approved.

    Evidence to collect: GPO / MDM policy.

  2. Approved USB devices use encryption

    High

    How to test + evidence

    Testing procedure: Verify that, where removable media is allowed, only hardware-encrypted drives are permitted.

    Evidence to collect: Approved-device register.

  3. DLP inspects writes to removable media

    High

    How to test + evidence

    Testing procedure: Verify that DLP scans files copied to USB and blocks those carrying confidential / restricted labels.

    Evidence to collect: DLP policy + sample alert.

  4. Auto-run disabled on all endpoints

    Medium

    How to test + evidence

    Testing procedure: Verify that auto-play / auto-run is disabled tenant-wide.

    Evidence to collect: GPO export.

  5. Security-awareness covers USB threats

    Low

    How to test + evidence

    Testing procedure: Verify that annual training includes USB / removable media risks.

    Evidence to collect: Training content + completion.