Content library
CyberFundamentals (Belgium)
PR.PT-2: Removable media is protected, and its use restricted according to policy.

How to fill the requirement

CyberFundamentals (Belgium)

PR.PT-2: Removable media is protected, and its use restricted according to policy.

Task name
Priority
Status
Theme
Policy
Other requirements
Defining the types of removable media used
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Management of data sets
Removable media
requirements

Task is fulfilling also these other security requirements

8.3.1: Management of removable media
ISO27 Full
8.3.3: Physical media transfer
ISO27 Full
A.11.4: Protecting data on storage media leaving the premises
ISO 27018
13.2.1: Information transfer policies and procedures
ISO27 Full
13: Communications security
ISO 27018
1. Task description

Removable media includes e.g. flash memories, SD memories, removable storage drives, USB sticks and DVDs.

The organization has defined which removable media is allowed to be used.

Encryption of portable media
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Encryption
requirements

Task is fulfilling also these other security requirements

8.3.1: Management of removable media
ISO27 Full
10.1.1: Policy on the use of cryptographic controls
ISO27 Full
8.3.3: Physical media transfer
ISO27 Full
A.11.4: Protecting data on storage media leaving the premises
ISO 27018
PR.PT-2: Removable media
NIST
1. Task description

Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).

Detailed rules for the management of removable media
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Management of data sets
Removable media
requirements

Task is fulfilling also these other security requirements

8.3.1: Management of removable media
ISO27 Full
8.3.3: Physical media transfer
ISO27 Full
A.11.4: Protecting data on storage media leaving the premises
ISO 27018
13.2.1: Information transfer policies and procedures
ISO27 Full
13: Communications security
ISO 27018
1. Task description

When removable media is an important part of an organisation's operations, more specific rules have been defined for securing removable media and the information they contain.

  • when a removable media is transferred outside the organization, it is impossible to restore its contents if the content is no longer needed;
  • the transfer of media from the organization required a permiossion and all transfers will be logged
  • removable media are protected by encryption when the confidentiality and integrity of the information is important
  • information on removable media is regularly passed on to unused media so that the media does not deteriorate and the data becomes unreadable before that time;
  • multiple copies of valuable data are stored on different media to reduce the risk of simultaneous data damage or loss
No items found.