The American government agency NIST have just published a short document titled “Reducing the cybersecurity risks of portable storage media in OT environments”. It is a short two page document that give some good advice on how to handle portable storage media. The headline suggests that the advice is only for Operational Technology (OT), but almost all the advice works equally well for Information Technology (IT).

The document includes suggestions for controls related to the area’s procedural, physical, technical and transport and sanitization. Among the technical controls it includes “scanning the media before and after use” which includes “use updated malware detection software for automatic scans” and “when inserting media into unsupported devices, scan from an approved alternate device”. The procedural controls are equally important as the technical controls

These and other are examples of tips in the NIST risk reduction document is why Impex USB Protect was developed in the first place. Impex was developed to be the tool that helps all organizations with these issues and to keep a good cyber hygiene. Impex is a perfect defense line to implement good security controls for OT, as well as IT, environments. The user friendliness of Impex very much assist to make the implementation of the procedural controls. Receipts in electronic (stored on the media or retrieved from server) or paper form also help with record keeping and transports.

Impex USB Protect is the kiosk used for checking mobile data media. It checks with multiple engines, it is automatically updated, and it allows for centralized audits and controls with the ICC management platform. With its transfer function Impex makes it possible to examine files for malicious content as well as changing the mobile data media from an unknown to a known media.

Xtransfer is our new member in the Impex family. It allows import and export between USB mobile data media and network shares, after the ordinary security controls and malware checks have been performed. It is an add-on to the Impex USB Protect, to allow for more choices when a mobile data media is to be handled.

More information on Impex USB Protect: Impex USB Protect

More information on Impex Xtransfer: Impex Xtransfer

The NIST document can be found here: https://www.nist.gov/publications/reducing-cybersecurity-risks-portable-storage-media-ot-environments