8.5: Configure Devices to Not Auto-Run Content

Sub-control 8.5 states that you must configure devices to not auto-run content from removable media.

Asset Type	Security Function	Implementation Groups
Devices	Protect	1, 2, 3

Dependencies

Inputs

Endpoint Inventory: The endpoint inventory.
Desired configuration(s) to disable auto-run: The desired configuration to use to disable auto-running content.There may be multiple configurations targeted at different types of endpoints (for instance, a different configuration might be provided for each type of operating system used on the endpoints in the provided inventory). If the endpoints are capable of performing multiple types of auto-run behavior (i.e., auto-run vs. auto-play), appropriate configurations should be provided for each type.

Operations

For each endpoint in I1, compare the endpoint’s configuration to the appropriate configuration from I2. Generate a list of endpoints that adhere to the specified configuration (M1) and a list of the endpoints that do not adhere to the specified configuration (M2).

Assumptions

Endpoints that are not capable of performing any type of auto-run behavior are included in the compliant list (M1).

Measures

Measure	Definition
M1 = List of endpoints adhering to the specified configuration (compliant list)	A list of all endpoints that adhere to the specified configuration.
M2 = List of endpoints not adhering to the specified configuration (non-compliant list)	A list of endpoints that do not adhere to the specified configuration.
M3 = Count of items in M1	A count of the total number of items in M1.
M4 = Count of items in M2	A count of the total number of items in M2.
M5 = Count of items in I1	A count of the total number of items in I1.

Metrics

Coverage

Metric	Calculation
The ratio of endpoints properly disabling auto-run compared to the total number of endpoints.	M3 / M5