Monterey - Disable Removable Storage Devices

Information

Removable media, such as USB connected external hard drives, thumb drives, and optical media, _MUST_ be disabled for users.

Disabling removable storage devices reduces the risks and known vulnerabilities of such devices (e.g., malicious code insertion).

[IMPORTANT]
====
Some organizations rely on the use of removable media for storing and sharing data. Information System Security Officers (ISSOs) may make the risk-based decision not to disable external hard drives to avoid losing this functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.systemuiserver:
  mount-controls:
    harddisk-external:
      - alert
      - eject
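
One way to confirm that a .mobileconfig file carries this setting before it is deployed, as an added example that is not part of the NIST or Tenable content. The sample profile is constructed and trimmed to the keys the check reads, and the function names are hypothetical.

```python
import plistlib

# Constructed sample profile, trimmed to the keys this check reads.
# A deployable profile also needs PayloadIdentifier, PayloadUUID and PayloadVersion.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.systemuiserver</string>
      <key>mount-controls</key>
      <dict>
        <key>harddisk-external</key>
        <array><string>alert</string><string>eject</string></array>
      </dict>
    </dict>
  </array>
</dict>
</plist>"""

# Values this baseline item lists for harddisk-external.
REQUIRED = {"alert", "eject"}


def external_disk_actions(profile_bytes):
    """Return the harddisk-external action list from the first
    com.apple.systemuiserver payload that defines it, or None if absent."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.systemuiserver":
            continue
        actions = payload.get("mount-controls", {}).get("harddisk-external")
        if actions is not None:
            return list(actions)
    return None


def is_compliant(profile_bytes):
    """True only when the profile sets exactly the actions the item lists."""
    actions = external_disk_actions(profile_bytes)
    return actions is not None and set(actions) == REQUIRED


if __name__ == "__main__":
    print("compliant:", is_compliant(SAMPLE_PROFILE))
```

A missing key and an empty action list both report as non-compliant, so a profile that manages other media types but omits external disks does not pass.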

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-7, CCE|CCE-90991-1

Plugin: Unix

Control ID: 51819800a43d3d135e20976932e38ecd7f8481df4cfce36472f4f77ed2b3b9c5