Description
Configure the system boot firmware (historically called BIOS on PC
systems) to disallow booting from USB drives.
Rationale
Booting a system from a USB device would allow an attacker to
circumvent any security measures provided by the operating system. Attackers
could mount partitions and modify the configuration of the OS.
- ID
xccdf_org.ssgproject.content_rule_bios_disable_usb_boot
- References
CSC: Critical Security Controls
COBIT®: Control Objectives for Information and Related Technologies
CCI: Control Correlation Identifier
ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels
NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations
Framework for Improving Critical Infrastructure Cybersecurity
CCE: Common Configuration Enumeration