CSCv7|13.8

Title

Manage System's External Removable Media's Read/write Configurations

Description

Configure systems not to write data to external removable media, if there is no business need for supporting such devices.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Data Protection

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.0.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 MS L1 v2.2.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 DC L1 v2.2.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG DC L3 v1.0.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG DC L1 v1.0.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 STIG NG MS L3 v1.0.0
17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 BitLocker
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 Bitlocker
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL
18.10.9.3.1 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL + NG
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL

Detections

Analytics

CSCv7|13.8

Title

Description

Reference Item Details

Audit Items