CMMC 1.0 Practice MP.3.123 Requirement:
Prohibit the use of portable storage devices when such devices have no identifiable owner.
CMMC 1.0 MP.3.123 Requirement Explanation:
Portable storage devices, especially non-company-owned devices, can pose a security risk when used on your systems. They can carry malware and are easy to transport into your facilities. This is why they need to be prohibited from being used on your systems. Using technical controls, you can ensure that only your company-owned storage devices can be used on your systems.
Example CMMC 1.0 MP.3.123 Implementation:
Document the serial numbers of the USB thumb drives and other portable storage devices used in your organization. When you provide one to an employee, document which device you gave them. As a result, all of your authorized devices will have an identifiable owner. Prohibit the use of any non-company-provided storage devices on your systems. Using technical controls, you can ensure that only your company-owned storage devices work on your systems. Enterprise anti-virus software often has the capability to allow only whitelisted storage devices on your systems. Using group policy is also an option.
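The ownership check behind such a whitelist, as an added example that is not part of the original page: it decides whether a reported device serial maps to exactly one recorded owner. The CSV layout, column names and all serial numbers are constructed for illustration, and enforcement itself is left to the endpoint software or group policy mentioned above.

```python
import csv
import io

# Constructed inventory: serials and owners are made up for this example.
INVENTORY_CSV = """serial,owner,issued
4C530001230815112345,j.alvarez,2021-03-02
AA04012700009876,m.chen,2021-04-19
0401A1B2C3D4E5F6,,
AA04012700009876,r.patel,2021-06-01
"""

def normalize(serial):
    """Compare serials case-insensitively with surrounding whitespace removed."""
    return (serial or "").strip().upper()

def load_inventory(text):
    """Map each serial to the set of owners recorded for it (blank owners dropped)."""
    owners = {}
    for row in csv.DictReader(io.StringIO(text)):
        serial = normalize(row.get("serial"))
        if not serial:
            continue
        owners.setdefault(serial, set())
        owner = (row.get("owner") or "").strip()
        if owner:
            owners[serial].add(owner)
    return owners

def evaluate(serial, inventory):
    """Return (allowed, reason) for a device reporting `serial`."""
    serial = normalize(serial)
    if not serial:
        return False, "device reports no serial number"
    if serial not in inventory:
        return False, "serial not in company inventory"
    owners = inventory[serial]
    if not owners:
        return False, "inventoried but never issued to an owner"
    if len(owners) > 1:
        # Conflicting records mean the owner is not actually identifiable.
        return False, "serial recorded for multiple owners: " + ", ".join(sorted(owners))
    return True, "owner: " + next(iter(owners))

if __name__ == "__main__":
    inv = load_inventory(INVENTORY_CSV)
    # Constructed serials, as an endpoint agent might report them.
    for seen in ["4c530001230815112345 ", "AA04012700009876",
                 "0401A1B2C3D4E5F6", "", "575833314133343231313937"]:
        print(repr(seen), evaluate(seen, inv))
```

Running the same check over the inventory file on a schedule surfaces unissued devices and conflicting records before they reach the allow list.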
CMMC 1.0 MP.3.123 Scenario(s):
- Scenario 1:
An employee found a USB thumb drive in the parking lot and attempted to plug it into their computer. Because the device isn't company owned and hasn't been whitelisted, it doesn't work on your systems.