A virtual machine must not have connected devices that are not necessary for its operation (e.g., Floppy, IDE, CD/DVD, USB, Serial).
This requirement is verified in following services
- CIS-4_1. Establish and maintain a secure configuration process
- CIS-4_2. Establish and maintain a secure configuration process for network infrastructure
- CIS-4_8. Uninstall or disable unnecessary services on enterprise assets and software
- MITRE ATT&CK®-M1034. Limit hardware installation
- CMMC-MP_L2-3_8_7. Removable media
- HITRUST CSF-01_h. Clear desk and clear screen policy
- OSSTMM3-11_9_3. Data networks security - Limitations mapping
- C2M2-9_3_d. Implement IT and OT asset security for cybersecurity architecture
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.