SC-41: PORT AND I/O DEVICE ACCESS

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

  • ICS Control Baselines:
      • Low (ADDED)
      • Moderate (ADDED)
      • High (ADDED)

The organization physically disables or removes [Assignment: organization-defined connection ports or input/output devices] on [Assignment: organization-defined information systems or information system components].

SUPPLEMENTAL GUIDANCE

Connection ports include, for example, Universal Serial Bus (USB) and FireWire (IEEE 1394). Input/output (I/O) devices include, for example, Compact Disk (CD) and Digital Video Disk (DVD) drives. Physically disabling or removing such connection ports and I/O devices helps prevent exfiltration of information from information systems and the introduction of malicious code into systems from those ports/devices.

ICS SUPPLEMENTAL GUIDANCE

No ICS Supplemental Guidance.

Rationale for adding SC-24 to all baselines: The function of ICS can be readily determined in advance, making it easier to identify ports and I/O devices that are unnecessary. Disabling or removing ports reinforces air-gap policy.

RELATED CONTROLS:

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

  • NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY