CMMC 1.0 Practice MP.2.121 Requirement:

Control the use of removable media on system components.

CMMC 1.0 MP.2.121 Requirement Explanation:

Removable storage devices such as USB thumb drives can contain malware. If you allow the use of them on your systems you increase the risk of malware infections. USB thumb drives are also a convenient way to extract data from your environment. By controlling the use of removable storage devices you can improve your security posture.

Example CMMC 1.0 MP.2.121 Implementation:

Write a policy restricting the use of removable media. Your objective is to limit removable media to the smallest number needed. Ideally you should block all removable storage devices from functioning on your systems unless they are on a white list. Scan all removable storage media for viruses on a separate computer before using them on your systems. If possible, configure your anti virus software to scan removable storage devices. Create an inventory of removable media controlled by your organization. Document who is in possession of it and their business justification.

CMMC 1.0 MP.2.121 Scenario(s):

- Scenario 1:

An employee named John submits a ticket requesting a USB thumb drive. He tried to use a personnel thumb drive but it was blocked by his computer. After verifying the business need you provide him a company thumb drive. Because the thumb drive has been white listed it functions on John's computer and is scanned by his anti-virus.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.