CSCv6|13.5

Title

Configure systems so that they will not write data to USB tokens or USB hard drives.

Description

If there is no business need for supporting such devices, configure systems so that they will not write data to USB tokens or USB hard drives. If such devices are required, enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices. An inventory of all authorized devices must be maintained.

Reference Item Details

Category: Data Protection

Family: Network

Audit Items

Name | Plugin | Audit Name
1.2.3.13 Set 'Prevent installation of devices using drivers that match these device setup classes' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.3.14 Set 'Also apply to matching devices that are already installed' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.17 Set 'Deny write access to removable drives not protected by BitLocker' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.3.20 Set 'Do not allow write access to devices configured in another organization' to 'True' | Windows | CIS Windows 8 L1 v1.0.0
18.8.6.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.6.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs:' is set | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.6.1.3 (BL) Ensure 'Prevent installation that match any of these device IDs: Also apply to' is set to 'True' (checked) | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.6.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.6.1.5 (BL) Ensure 'Prevent installation using drivers for these device setup' is set to '{d48179be-ec20-11d1-b6b8-00c04fa372a7}' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.6.1.6 (BL) Ensure 'Also apply to matching devices that are already installed.' is set to 'True' (checked) | Windows | CIS Microsoft Windows 10 Enterprise (Release 1607) v1.2.0 Level 1 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 2 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Level 1 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1803) v1.5.0 Bitlocker
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L2 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1709) v1.4.0 Bitlocker
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.0 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L2 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L1 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 11 Enterprise v1.0.0 BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L2 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L2 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 L2 + BL + NG
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1909) v1.8.1 L2 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 1903) v1.7.1 L1 + BL
18.8.7.1.1 Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 BL