Disable Automatic Execution for Removable Media
Ensure removable media cannot run programs automatically when inserted.
Plain language
This control ensures that when you plug in a USB stick or other portable storage device, no programmes will run automatically. This is important because harmful software could sneak onto your computer without you knowing, potentially leading to data breaches or other security incidents.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Official control statement
Automatic execution features for removable media are disabled.
Why it matters
If removable media can auto-run, malware may execute on insertion without user action, causing compromise of systems, credentials and data.
Operational notes
Verify AutoRun/AutoPlay is disabled via policy on all endpoints, and routinely test with removable media to ensure nothing executes on insertion.
Implementation tips
- The IT team should configure computers to prevent programmes on USB sticks from running automatically. This can be done by adjusting settings in the computer's operating system to disable the 'AutoRun' and 'AutoPlay' features.
- The system administrator should regularly check that these settings are enforced on all devices. This involves running a scan or using system management tools to confirm the configuration matches the policy.
- Managers should inform staff about the change and why it's crucial for security. They can do this by sending a friendly email or holding a quick team meeting to explain how it helps protect the organisation's information.
- The IT team should document the steps taken to disable automatic execution and keep this record up-to-date. This could involve maintaining a checklist or log that details the configuration settings applied to each type of device.
- HR should include guidance on handling removable media during employee onboarding and training. They can create simple guides or include scenarios in training materials to ensure staff understand the risks and new procedures.
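One way to run the policy check described in the operational notes and implementation tips on a Windows endpoint. This is an added example, not part of the ISM or of this page's source. The function name is hypothetical, and the registry values it assumes are the ones written by the standard Windows "AutoPlay Policies" Group Policy settings:

```powershell
# Added example: audits the local machine's AutoRun/AutoPlay policy values.
# Assumption: endpoints are configured through the Windows "AutoPlay Policies"
# Group Policy settings. The function name is hypothetical.
function Test-RemovableMediaAutoRunPolicy {
    $explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $windowsPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'

    $checks = @(
        # "Turn off AutoPlay" = All drives: every drive-type bit set (0xFF).
        @{ Path = $explorerPolicy; Name = 'NoDriveTypeAutoRun'; Expected = 0xFF }
        # "Set the default behavior for AutoRun" = do not execute autorun commands.
        @{ Path = $explorerPolicy; Name = 'NoAutorun'; Expected = 1 }
        # "Disallow Autoplay for non-volume devices" (cameras, phones, MTP devices).
        @{ Path = $windowsPolicy; Name = 'NoAutoplayfornonVolume'; Expected = 1 }
    )

    foreach ($check in $checks) {
        # A missing key or value means the policy is not configured: report it as a failure.
        $item   = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($check.Name) } else { $null }

        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Setting   = $check.Name
            Expected  = $check.Expected
            Actual    = if ($null -eq $actual) { 'not set' } else { $actual }
            Compliant = ($null -ne $actual) -and ($actual -eq $check.Expected)
        }
    }
}

$results = Test-RemovableMediaAutoRunPolicy
$results | Format-Table -AutoSize

# A non-zero exit code lets a management tool or scheduled task flag the endpoint.
if ($results.Compliant -contains $false) { exit 1 }
```

Collected per endpoint through existing management tooling, the output rows give the list of compliant and non-compliant devices that the audit tips ask for.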
Audit / evidence tips
- Ask: for the IT configuration policy document. Request the document that outlines the settings for disabling automatic execution of removable media. Check that it includes specific instructions for disabling AutoRun and AutoPlay.
  Good: the document clearly shows steps for these specific settings.
- Ask: the IT staff to insert a USB stick into a computer and show that no programmes run automatically.
  Good: the outcome is seeing the USB content without any programmes starting by themselves.
- Ask: them how they ensure settings are applied across all devices and how they keep track of this. Check that they know the procedures for checking this setting and maintaining logs.
  Good: they can describe both the process and the tools they use.
- Ask: for documentation or emails that were used to inform staff about this control and its importance.
  Good: documents that effectively communicate the risks and new practices.
- Good: the result is a detailed report listing compliant devices.
Cross-framework mappings
How ISM-0341 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.9 | ISM-0341 requires automatic execution features for removable media to be disabled to prevent code running when media is inserted | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| E8-AC-ML1.3 | ISM-0341 requires disabling automatic execution features for removable media to stop automatic program launch on insertion | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.