NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-3(5) Portable Storage Devices

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Scan removable media (USB drives, external hard drives) for malicious code before allowing access to the files on them.

Example 1: Configure Microsoft Defender via GPO to automatically scan removable drives when they are connected. Enable "Scan removable drives during full scan" and consider enabling the on-access scan for removable media.

Example 2: Deploy a dedicated malware scanning kiosk where all removable media must be scanned before being connected to any production system. The kiosk runs multiple antivirus engines for comprehensive scanning.
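To verify on an endpoint that the Defender setting from Example 1 actually took effect, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original notes; the `-Remediate` and `-ScanAttached` switches are hypothetical names chosen for this script.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender removable-drive scanning for SI-3(5).
param(
    [switch]$Remediate,    # hypothetical: enable the local preference when no GPO sets it
    [switch]$ScanAttached  # hypothetical: scan removable volumes that are attached right now
)

# Registry location written by the Defender "Scan removable drives" Group Policy setting.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRemovableDriveScanning -ErrorAction SilentlyContinue
$pref   = Get-MpPreference      # effective Defender preferences
$status = Get-MpComputerStatus  # current protection state

$report = [pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    GpoManaged            = ($null -ne $policy)
    RemovableScanEnabled  = (-not $pref.DisableRemovableDriveScanning)
    RealTimeProtection    = $status.RealTimeProtectionEnabled
    SignatureLastUpdated  = $status.AntivirusSignatureLastUpdated
}
$report | Add-Member -NotePropertyName Compliant `
    -NotePropertyValue ($report.RemovableScanEnabled -and $report.RealTimeProtection)

if (-not $report.RemovableScanEnabled) {
    if ($report.GpoManaged) {
        # A local change would be overridden by policy, so the GPO itself must be corrected.
        Write-Warning 'Removable drive scanning is disabled by Group Policy; fix the GPO.'
    }
    elseif ($Remediate) {
        Set-MpPreference -DisableRemovableDriveScanning $false
        $report.RemovableScanEnabled = -not (Get-MpPreference).DisableRemovableDriveScanning
        $report.Compliant = $report.RemovableScanEnabled -and $report.RealTimeProtection
    }
}

if ($ScanAttached) {
    # Only volumes reported as Removable with a drive letter; USB hard disks
    # that Windows reports as Fixed are not covered by this filter.
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        ForEach-Object {
            $path = '{0}:\' -f $_.DriveLetter
            Write-Host "Scanning $path"
            Start-MpScan -ScanType CustomScan -ScanPath $path
        }
}

$report
```

The returned object can be collected centrally (for example with `Export-Csv`) as evidence that the control is implemented on each endpoint.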