SYS.4.5 Removable Storage Media
Removable storage media are often used to transport data, store it, or access it while mobile. Removable storage media include external hard drives, CD-ROMs, DVDs, memory cards, magnetic tapes, and USB drives...
Description
Introduction
Removable storage media are often used to transport data, store it, or access it while mobile. Removable storage media include external hard drives, CD-ROMs, DVDs, memory cards, magnetic tapes, and USB drives.
Removable storage media can be classified according to whether they are read-only, write-once, or rewritable. There are also differences in the type of data storage (analog or digital) or their form factor. There are interchangeable storage media (e.g., installed hard drives) and external data storage devices (e.g., USB drives).
Objective
This building block demonstrates how removable storage media can be used securely. It also describes how to prevent the unintentional disclosure of information via removable storage media.
Scope and Modeling
The building block SYS.4.5 Removable Storage Media must be applied to every removable storage medium in the information domain.
This building block deals with the security properties of removable storage media. The protection of IT systems to which removable storage media can be connected is not taken into account in this building block. Recommendations for this can be found in the building blocks SYS.1.1 General Server and SYS.2.1 General Client as well as the operating system-specific building blocks.
Removable storage media store data electronically, magnetically, or in other ways not directly perceptible. They do not process data themselves. The requirements for such devices, e.g., smartphones and tablets, are listed in the building block SYS.3.2.1 General Smartphones and Tablets. Cloud storage is also not classified as removable storage media. Requirements for cloud environments can be found in the building block OPS.2.2 Cloud Usage.
Removable storage media can be exchanged at personal meetings or also by dispatch. The secure exchange of the actual information is not addressed in this building block. For this, the requirements of the building block CON.9 Information Exchange must be met.
Threat Landscape
Since IT-Grundschutz building blocks cannot address individual information domains, typical scenarios are used to represent the threat landscape. The following specific threats and vulnerabilities are of particular importance for the building block SYS.4.5 Removable Storage Media.
Carelessness in Handling Information
In institutions, there are often organizational rules and technical security procedures for removable storage media, but these are frequently circumvented by careless handling of removable storage media. For example, removable storage media are left unattended in conference rooms during breaks or left behind in train compartments.
Insufficient Knowledge of Regulations
If the rules for the correct handling of removable storage media are not sufficiently known, they cannot be adhered to. This can give rise to numerous information security threats, for example when unreviewed USB drives are connected to the institution’s IT systems.
Theft or Loss of Removable Storage Media
With removable storage media, the risk of data loss is higher than with stationary IT systems. Causes of data loss include theft or lost devices. The information stored on the removable storage media is often irretrievably lost in these cases. Additionally, the information can fall into the hands of external parties.
Defective Storage Media
Removable storage media are susceptible to damage, errors, or failures due to their size and areas of application. Causes include constantly changing deployment environments or mechanical impacts.
Impairment Through Changing Deployment Environments
Removable storage media are used in very different environments and are thus exposed to many threats. These include, for example, harmful environmental influences such as excessively high or low temperatures, dust, or moisture. Transport damage can also occur. Another important aspect is that removable storage media are often used in areas with different security levels.
Spread of Malware
Removable storage media are often used to exchange data between different devices and workstation computers. Malware could compromise data on removable storage media and thereby transfer itself to workstation computers.
Requirements
The following are the specific requirements of the building block SYS.4.5 Removable Storage Media. The Information Security Officer (ISO) is responsible for ensuring that all requirements are met and verified in accordance with the established security concept. The ISO must always be involved in strategic decisions.
Additional roles are defined in the IT-Grundschutz Compendium. These should be filled insofar as this is sensible and appropriate.
| Responsibilities | Roles |
|---|---|
| Primarily responsible | IT Operations |
| Additional responsibilities | Subject Matter Responsible, Users |
Exactly one role should be Primarily responsible. Beyond that, there may be Additional responsibilities. If one of these additional roles is primarily responsible for fulfilling a requirement, that role is listed in square brackets after the heading of the requirement. The use of singular or plural says nothing about how many people should fill these roles.
Basic Requirements
The following requirements MUST be met with priority for this building block.
SYS.4.5.A1 Sensitization to the Secure Use of Removable Storage Media (B)
All users MUST be sensitized to the secure use of removable storage media. The institution MUST in particular advise users on how they should handle removable storage media to prevent loss or theft and to ensure a long service life.
The institution MUST inform users that they may not connect removable storage media from unknown sources to their IT systems.
SYS.4.5.A2 Loss and Tampering Reporting (B) [Users]
Users MUST immediately report when a removable storage medium has been stolen, lost, or when there is a suspicion of tampering. Users MUST state in their report what information is stored on the removable storage medium. For this, the institution MUST have clear reporting channels and responsibilities.
The institution MUST define how removable storage media that are found after a loss are to be handled. Rediscovered removable storage media MAY NOT be used without prior checking for tampering and malware.
SYS.4.5.A3 DISCONTINUED (B)
This requirement has been discontinued.
SYS.4.5.A10 Storage Media Encryption (B)
If removable storage media are used or transported outside a secure area and contain data requiring protection, the data MUST be encrypted using a secure method.
SYS.4.5.A12 Protection Against Malware (B) [Users]
The institution MUST ensure that only data that has been checked for malware is transferred to removable storage media. Before data from removable storage media is processed, it MUST be checked for malware.
Standard Requirements
Together with the basic requirements, the following requirements correspond to the state of the art for this building block. They SHOULD generally be met.
SYS.4.5.A4 Creation of a Policy for the Secure Use of Removable Storage Media (S)
A policy for the correct use of removable storage media SHOULD be created. The following fundamental aspects SHOULD be taken into account:
- which removable storage media are used and who may use them,
- which data may be stored on removable storage media and which may not,
- how the data stored on removable storage media is to be protected against unauthorized access, manipulation, and loss,
- how the data on removable storage media is to be deleted,
- with which external institutions removable storage media may be exchanged and which security rules are to be observed,
- whether removable storage media may be connected to external IT systems and what is to be observed in this regard,
- how removable storage media are to be dispatched, and
- how the spread of malware via removable storage media is to be prevented.
The institution SHOULD define in the security policy under what conditions removable storage media are to be stored. In particular, the institution SHOULD specify that only authorized users have access to written removable storage media. The institution SHOULD define that the manufacturer’s instructions for handling storage media must be observed.
The institution SHOULD prohibit the use of private removable storage media.
It SHOULD be regularly checked whether the security requirements for handling removable storage media are up to date.
SYS.4.5.A5 Regulation on Taking Removable Storage Media Along (S)
There SHOULD be clear written rules on whether, how, and on what occasions removable storage media may be taken along. In particular, it SHOULD be defined which removable storage media may be transported outside the premises by whom and what security measures are to be observed.
SYS.4.5.A6 Storage Media Management (S) [Subject Matter Responsible]
Management of removable storage media SHOULD be established. Removable storage media SHOULD be labeled uniformly. The management of removable storage media SHOULD ensure that removable storage media are handled and stored properly and used and transported in an orderly manner.
SYS.4.5.A7 Secure Deletion of Removable Storage Media Before and After Use (S) [Subject Matter Responsible]
Before removable storage media are passed on, reused, or decommissioned, they SHOULD be securely deleted in an appropriate manner.
SYS.4.5.A8 DISCONTINUED (S)
This requirement has been discontinued.
SYS.4.5.A13 Labeling of Removable Storage Media for Dispatch (S)
Removable storage media to be dispatched SHOULD be labeled so that senders and recipients can immediately identify them. The labeling of removable storage media or their packaging SHOULD be unambiguous for recipients. The labeling of removable storage media containing sensitive information SHOULD NOT allow outsiders to draw conclusions about the type and content of the information.
SYS.4.5.A17 Ensuring Integrity and Availability for Long-Term Storage (S)
If removable storage media are used to store data for long periods, the institution SHOULD ensure that the removable storage media used are suitable for ensuring the integrity and availability of the data throughout the entire usage period. The integrity of the data SHOULD be regularly checked.
Requirements for High Protection Needs
The following are exemplary proposals for requirements for this building block that go beyond the level of protection corresponding to the state of the art. The proposals SHOULD be considered when there is a higher need for protection. The concrete definition is made in the context of an individual risk analysis.
SYS.4.5.A9 DISCONTINUED (H)
This requirement has been discontinued.
SYS.4.5.A11 Integrity Protection Through Checksums or Digital Signatures (H)
A method to protect against accidental or intentional changes SHOULD be used that ensures the integrity of confidential information. The methods for protection against changes SHOULD correspond to the current state of the art.
SYS.4.5.A14 Secure Dispatch Method and Packaging (H)
The institution SHOULD check how confidential information can be adequately protected during dispatch. Secure dispatch packaging SHOULD be used for removable storage media in which tampering can be immediately recognized. The institution SHOULD inform all those involved about necessary dispatch and packaging types.
SYS.4.5.A15 Use of Certified Removable Storage Media (H)
The institution SHOULD only use removable storage media that are certified. The certification SHOULD in particular cover intact data retention and any encryption methods that may be present.
SYS.4.5.A16 Use of Dedicated IT Systems for Data Inspection (H)
The institution SHOULD use dedicated IT systems as a data lock, in which data is transferred from one removable storage medium to another and is examined for malware in the process.
Additional Information
Good to Know
The International Organization for Standardization describes in the standard ISO/IEC 27001:2013, Chapter A.8.3, how removable storage media can be used securely.