USB Device Whitelisting

Purpose

This SOP outlines the process for requesting and implementing USB device whitelisting in a managed environment. The procedure ensures that only authorized USB devices are permitted for use while maintaining compliance and security policies.

Scope

This procedure applies to all organizations utilizing Compliance-as-a-Service and includes actions for both the Organization seeking certification (OSC) and the External Service Provider (ESP).


Section 1: Organization seeking certification (OSC) Responsibilities

Step 1: Gather Required Device Information

To request that a USB device be whitelisted, the OSC must first collect the device's Device Instance Path and Class GUID as follows:

  1. Plug the USB device into a non-managed/unrestricted PC.
  2. Open File Explorer and navigate to the connected USB device.
  3. Right-click on the device and select Properties.
  4. Go to the Hardware tab and select the listed drive under “All disk drives.”
  5. Click on Properties at the bottom of the window.
  6. In the new window, navigate to the Details tab.
  7. Under Property, select Device Instance Path, and copy the value.
  8. Under Property, select Class GUID, and copy the value.
  9. If multiple devices are listed, repeat the process for each.

Step 2: Submit a Whitelisting Request

Once the required information is gathered, the OSC must submit a request for USB whitelisting:

  • The request must be sent to the Nimbus Logic Helpdesk at support@nimbus-logic.us.
  • The request must come from an authorized user within the OSC.
  • The email should include:
    • Device Instance Path
    • Class GUID
    • Business justification for whitelisting
    • Any additional relevant details

Step 3: Await Approval and Confirmation

  • The request will be reviewed by the ESP for compliance and security considerations.
  • The OSC will receive an email confirming whether the request has been approved or denied.
  • If additional information is required, the ESP will reach out for clarification.

Section 2: External Service Provider (ESP) IT Team Steps

Step 1: Validate the Request

  • Verify that the request originates from an authorized user within the OSC.
  • Ensure the provided Device Instance Path and Class GUID are complete and correctly formatted.
  • Review the business justification to determine compliance with security policies.
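
The format check in this step can be scripted before the values are entered into the policy. The following is an added example, not part of the original SOP or of any Nimbus Logic tooling; the function name, the sample values and the policy choices (no wildcards, braces required, Disk drives class expected) are assumptions made for illustration.

```python
import re

# Windows device setup class GUID for "Disk drives", the class the SOP's
# Hardware tab steps select; other values are flagged for manual review.
DISK_DRIVE_CLASS_GUID = "{4d36e967-e325-11ce-bfc1-08002be10318}"
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# Constructed sample values, not taken from a real device.
SAMPLE_PATH = r"USBSTOR\DISK&VEN_EXAMPLE&PROD_FLASH&REV_1.00\0123456789ABCDEF&0"
SAMPLE_GUID = "{4d36e967-e325-11ce-bfc1-08002be10318}"


def validate_request(instance_path, class_guid):
    """Return a list of findings; an empty list means both values look usable."""
    findings = []
    path, guid = instance_path.strip(), class_guid.strip()

    # A device instance path is <enumerator>\<device ID>\<instance ID>.
    parts = path.split("\\")
    if len(parts) != 3 or not all(parts):
        findings.append("path: expected enumerator\\device-id\\instance-id")
    # Assumed policy: one entry names one device, so no wildcards, and no
    # spaces or non-ASCII characters left over from copying out of an email.
    if re.search(r"[*?]", path):
        findings.append("path: wildcard characters are not accepted")
    if re.search(r"[^\x21-\x7e]", path):
        findings.append("path: contains whitespace or non-ASCII characters")
    # On USBSTOR, '&' as the second character of the instance ID means Windows
    # generated it because the device reports no unique serial number.
    if len(parts) == 3 and parts[0].upper() == "USBSTOR" and parts[2][1:2] == "&":
        findings.append("path: no unique serial number, entry is not device-specific")

    if not GUID_RE.fullmatch(guid):
        findings.append("guid: expected {8-4-4-4-12} hexadecimal with braces")
    elif guid.lower() != DISK_DRIVE_CLASS_GUID:
        findings.append("guid: not the Disk drives class, review manually")
    return findings


if __name__ == "__main__":
    for finding in validate_request(SAMPLE_PATH, SAMPLE_GUID) or ["ok"]:
        print(finding)
```

Any finding returned here is a reason to go back to the OSC for clarification before approving the request.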

Step 2: Implement the USB Whitelisting

If the request is approved, the ESP will proceed with the following steps:

  1. Access the Microsoft Endpoint Manager (Intune) Admin Center.
  2. Navigate to Endpoint Security > Manage > Attack surface reduction.
  3. Locate the appropriate policy, CAAS - USB Restrictions.
  4. Modify the policy to include an exception for the requested USB device:
    • Add the Device Instance Path.
    • Add the Class GUID.
  5. Save and apply the updated policy.

Step 3: Confirm Implementation

  • Notify the OSC once the whitelisting has been successfully applied.
  • Provide guidance on testing the device to ensure it functions as expected.
  • If any issues arise, troubleshoot accordingly or request additional details from the OSC.

Review & Maintenance

This SOP will be reviewed on a quarterly basis or as required by changes in compliance regulations or Microsoft security policies.