Cyber Posture

NIST 800-53 r5 · Controls catalogue · Family MP

MP-7Media Use

{{ insert: param, mp-07_odp.02 }} the use of {{ insert: param, mp-07_odp.01 }} on {{ insert: param, mp-07_odp.03 }} using {{ insert: param, mp-07_odp.04 }} ; and Prohibit the use of portable storage devices in organizational systems when such devices have no identifiable owner.

Last updated: 19 May 2026 14:18 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (6)

Weaknesses this control addresses (4)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-284Improper Access Control4,905This control enforces ownership-based restrictions on portable storage device use, directly implementing access control over media insertion into organizational systems.
CWE-434Unrestricted Upload of File with Dangerous Type4,889Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
CWE-829Inclusion of Functionality from Untrusted Control Sphere259Unowned portable devices represent untrusted control spheres; the prohibition prevents inclusion of functionality or data from such sources.
CWE-1263Improper Physical Access Control13Prohibiting portable storage devices without identifiable owners is a direct physical access control measure limiting untraceable media interaction with systems.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2024-481231.78.40.0006good

Other controls in family MP

MP-1 MP-2 MP-3 MP-4 MP-5 MP-6 MP-8