Phasing Out USB Storage use : Strengthening Cybersecurity Resilience
June 25, 2025 - Defence Stories

To bolster cybersecurity, the Department of National Defence and Canadian Armed Forces (DND/CAF) is implementing strict controls on the use of USB storage devices across its IT systems. This reduces security risks by ensuring limited usage — only centrally registered and monitored USB devices are permitted, while unauthorized ones are automatically blocked.
Learn more below about the importance of compliance with these new measures below.
For more information on a variety of security topics, please visit the Security Awareness Toolkit, available through the Director General Defence Security (DGDS) intranet page.
Video / June 25, 2025
Transcript
DND/CAF is significantly reducing the use of USB storage devices at work.
- Only approved devices can be used
- All usage will be monitored.
- Unapproved devices will be blocked.
USB devices should only be used when no other option is available.
To report a security incident or for all questions: DIM Secur OPS

Infographic - Text version
Use of USB storage devices in DND/CAF
As part of an overall strengthening of the cybersecurity posture, DND/CAF will significantly reduce the number of USB storage devices on all GC/DND IT systems.
At completion, authorized devices will be centrally registered and monitored while unauthorized devices will be blocked.
Security requirements you need to know:
- Authorized USB devices must be centrally registered and monitored by your Information System Security Officer (ISSO)
- Data Loss Prevention tools track data transfers, ensure only approved devices connect, and flag unusual activity
- All unauthorized USB Storage will be blocked
- There are regular security audits, including device logs and transfers
USB storage devices should only be considered if no other options are available.
To report a security incident or for all questions: DIM Secur OPS.
For more information
- DND/CAF Information Technology Security Standard ITSS-01 for Portable Information Technology Devices (PITD) (Accessible only on the National Defence network)
- For alternative file transfer options JIIFC - Data Transfer Service (Accessible only on the National Defence network)