Organizational Control: Port And I/o Device Access
| Control ID: SC-41 Port And I/o Device Access | Family: System and Communications Protection | Source: NIST 800-53r4 |
| Control: The organization physically disables or removes [Assignment: organization-defined connection ports or input/output devices] on [Assignment: organization-defined information systems or information system components]. | ||
| Supplemental Guidance: Connection ports include, for example, Universal Serial Bus (USB) and Firewire (IEEE 1394). Input/output (I/O) devices include, for example, Compact Disk (CD) and Digital Video Disk (DVD) drives. Physically disabling or removing such connection ports and I/O devices helps prevent exfiltration of information from information systems and the introduction of malicious code into systems from those ports/devices. Related Controls: N/A |
||
| Control Enhancements: N/A | ||
| References: N/A | ||
| Mechanisms: | ||
| Protocol Implementation Conformance Statements: N/A | ||