GRCWatch
Sign inStart free trial

NIST PR.PT-2: Removable Media Controls

Removable media like USB drives and external hard drives are common attack vectors that bypass network defenses. NIST PR.PT-2 requires organizations to protect removable media and restrict its use according to documented policy. Implementing proper controls reduces the risk of data exfiltration and unauthorized access.

What this means

This control requires you to establish and enforce policies that govern how removable media can be used within your organization. You must implement technical and administrative controls to protect data on removable media, restrict which devices can be connected to systems, and define who has authorization to use removable media. This includes monitoring and logging removable media activity, encrypting sensitive data stored on removable devices, and preventing unauthorized copying of data to external drives.

How to comply

  1. 1.Develop a removable media policy that defines approved device types, authorized users, and permitted use cases
  2. 2.Implement technical controls to block or restrict USB ports and external device connections on critical systems
  3. 3.Enable encryption for all removable media containing sensitive or confidential data
  4. 4.Deploy Data Loss Prevention (DLP) tools to monitor and prevent unauthorized data transfers to removable devices
  5. 5.Require device authentication and multi-factor approval for removable media connections on sensitive systems
  6. 6.Maintain an inventory of approved removable media devices and their authorized owners
  7. 7.Log all removable media connections and data access for audit and incident investigation purposes
  8. 8.Conduct regular security awareness training on removable media risks and policy compliance

Evidence auditors look for

  • Documented removable media policy approved by management and communicated to all employees
  • Screenshots of Group Policy or Mobile Device Management (MDM) settings restricting USB device access
  • Encryption software configuration reports showing enabled encryption on all removable media
  • DLP solution alerts and logs showing blocked attempts to copy data to external devices
  • Device inventory spreadsheet tracking approved removable media with owner information and approval dates
  • System logs from endpoints showing removable media connection attempts and access records
  • Training completion records demonstrating employee awareness of removable media security requirements
  • Audit trail showing periodic reviews of removable media usage and policy compliance

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates removable media policy enforcement by centralizing control settings, tracking device inventory, and generating audit logs—eliminating manual tracking and reducing compliance verification time from hours to minutes.

See how GRCWatch handles this control automatically

Start free trial

Related controls

NIST CSF PR.PT-1: Audit LoggingNIST CSF PR.PT-3: Access ControlNIST CSF PR.AC-1: Identities and CredentialsNIST CSF DE.CM-3: Monitoring