Phasing Out USB Storage use : Strengthening Cybersecurity Resilience

June 25, 2025 - Defence Stories

To bolster cybersecurity, the Department of National Defence and Canadian Armed Forces (DND/CAF) is implementing strict controls on the use of USB storage devices across its IT systems. This reduces security risks by ensuring limited usage — only centrally registered and monitored USB devices are permitted, while unauthorized ones are automatically blocked.

Learn more below about the importance of compliance with these new measures below.

For more information on a variety of security topics, please visit the Security Awareness Toolkit, available through the Director General Defence Security (DGDS) intranet page.

Video / June 25, 2025

Transcript

DND/CAF is significantly reducing the use of USB storage devices at work.

Only approved devices can be used
All usage will be monitored.
Unapproved devices will be blocked.

USB devices should only be used when no other option is available.

To report a security incident or for all questions: DIM Secur OPS

Use of USB storage devices in the DND/CAF. Text version below. — Infographic - Text version

Use of USB storage devices in DND/CAF

As part of an overall strengthening of the cybersecurity posture, DND/CAF will significantly reduce the number of USB storage devices on all GC/DND IT systems.

At completion, authorized devices will be centrally registered and monitored while unauthorized devices will be blocked.

Security requirements you need to know:

Authorized USB devices must be centrally registered and monitored by your Information System Security Officer (ISSO)

Data Loss Prevention tools track data transfers, ensure only approved devices connect, and flag unusual activity

All unauthorized USB Storage will be blocked

There are regular security audits, including device logs and transfers

USB storage devices should only be considered if no other options are available.

**To report a security incident or for all questions:** DIM Secur OPS.

For more information

DND/CAF Information Technology Security Standard ITSS-01 for Portable Information Technology Devices (PITD) (Accessible only on the National Defence network)

For alternative file transfer options JIIFC - Data Transfer Service (Accessible only on the National Defence network)

Use of USB storage devices in DND/CAF - Infographic [PDF - 630 KB]

Infographic - Text version

Use of USB storage devices in DND/CAF

As part of an overall strengthening of the cybersecurity posture, DND/CAF will significantly reduce the number of USB storage devices on all GC/DND IT systems.

At completion, authorized devices will be centrally registered and monitored while unauthorized devices will be blocked.

Security requirements you need to know:

Authorized USB devices must be centrally registered and monitored by your Information System Security Officer (ISSO)

Data Loss Prevention tools track data transfers, ensure only approved devices connect, and flag unusual activity

All unauthorized USB Storage will be blocked

There are regular security audits, including device logs and transfers

USB storage devices should only be considered if no other options are available.

**To report a security incident or for all questions:** DIM Secur OPS.

For more information

DND/CAF Information Technology Security Standard ITSS-01 for Portable Information Technology Devices (PITD) (Accessible only on the National Defence network)

For alternative file transfer options JIIFC - Data Transfer Service (Accessible only on the National Defence network)

Use of USB storage devices in DND/CAF - Infographic [PDF - 630 KB]

Page details

2025-06-25

Language selection

Search

Phasing Out USB Storage use : Strengthening Cybersecurity Resilience

Use of USB storage devices in DND/CAF

Security requirements you need to know:

For more information

Page details