This objective requires organizations to technically enforce their policy by configuring systems to block or restrict the use of portable storage devices that are not assigned, registered, or otherwise identifiable before they can be used—especially when interacting with systems that handle Controlled Unclassified Information (CUI).