Connection ports include Universal Serial Bus (USB), Thunderbolt, and Firewire (IEEE 1394). Input/output (I/O) devices include compact disc and digital versatile disc drives. Disabling or removing such connection ports and I/O devices helps prevent the exfiltration of information from systems and the introduction of malicious code from those ports or devices. Physically disabling or removing ports and/or devices is the stronger action.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| SC-41 | Port and I/O Device Access | Protects | T1025 | Data from Removable Media |
| SC-41 | Port and I/O Device Access | Protects | T1052 | Exfiltration Over Physical Medium |
| SC-41 | Port and I/O Device Access | Protects | T1052.001 | Exfiltration over USB |
| SC-41 | Port and I/O Device Access | Protects | T1200 | Hardware Additions |
| SC-41 | Port and I/O Device Access | Protects | T1091 | Replication Through Removable Media |