Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family MP

MP-7Media Use

{{ insert: param, mp-07_odp.02 }} the use of {{ insert: param, mp-07_odp.01 }} on {{ insert: param, mp-07_odp.03 }} using {{ insert: param, mp-07_odp.04 }} ; and Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (6)

Weaknesses this control addresses (4)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-434Unrestricted Upload of File with Dangerous Type4,869Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
CWE-284Improper Access Control4,832This control enforces ownership-based restrictions on portable storage device use, directly implementing access control over media insertion into organizational systems.
CWE-829Inclusion of Functionality from Untrusted Control Sphere254Unowned portable devices represent untrusted control spheres; the prohibition prevents inclusion of functionality or data from such sources.
CWE-1263Improper Physical Access Control13Prohibiting portable storage devices without identifiable owners is a direct physical access control measure limiting untraceable media interaction with systems.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2024-481231.78.40.0006good

Other controls in family MP

MP-1 MP-2 MP-3 MP-4 MP-5 MP-6 MP-8