MID-056: Allow Device Administrators to Disable Removable Storage Support
Mitigation Tier: Foundational
Description
If a device supports removable external storage media (e.g., USB sticks), implement device configuration options that give administrators the option to disable this support (temporarily or permanently) and reenable it only if and when needed. Disablement should account for both the OS level (e.g., mounting a filesystem) and firmware level (e.g., booting from external storage) interaction with a storage device.
IEC 62443 4-2 Mappings
- CR 7.7 – Least functionality