Evidence – AC.L2-3.1.21
Limit Use of Portable Storage Devices on External Systems
Control Overview
This document describes the evidence used to demonstrate implementation of AC.L2-3.1.21, which requires limiting the use of portable storage devices on external systems.
This evidence supports the control response documented in the System Security Plan (SSP).
Evidence Objectives
Evidence for this control demonstrates that:
- Use of portable storage devices is restricted
- Controls prevent unauthorized data transfer via removable media
- Device usage is governed by organizational policy and configuration
Evidence Artifacts
1. Portable Storage Device Restrictions
Evidence demonstrating restricted use may include:
- Endpoint policies restricting USB or removable media usage
- Configuration blocking data transfer to unauthorized removable storage
- Organizational rules governing portable media usage
Examples of acceptable sources:
- Microsoft Intune device restriction policies
- Windows endpoint removable storage controls
- Google Endpoint Management device control settings
Evidence Retention
Evidence supporting this control is retained in accordance with organizational policy and contractual requirements and is available for review during assessment.
Notes
Portable storage device restrictions reduce the risk of unauthorized data exfiltration or system compromise.