USB devices are among the most persistent and rapidly evolving attack vectors in enterprise cybersecurity. Our recent USB Threats Radar study analyzed 6,000 devices and found that 6.2 percent contained malware, with over 2,100 viruses detected across 108,555 scanned files. Broader industry data also shows a dramatic increase in USB security threats.
The prevalence of USB viruses and malware has a real-world impact on businesses. For example, the Industrial and Commercial Bank of China’s U.S. operations suffered a cyberattack delivered via USB stick last year that temporarily prevented it from clearing U.S. Treasury trades. Similar incidents across defense, energy, and critical infrastructure sectors demonstrate that USB threats bypass traditional network defenses with alarming effectiveness.
Cybersecurity standards bodies, which are upstream of regulatory bodies, have recognized the threat and are reacting with new and revised guidelines for removable media sanitization. Organizations across government, defense, healthcare, and critical infrastructure sectors should be aware of these changes and the solutions that can help align their USB security programs with the modern threat and regulatory environment.
Sign up for the TYREX newsletter to stay informed about USB security threats and evolving compliance rules.
NIST SP 1334 Signals the Future of USB Security Regulations
Cybersecurity frameworks already address USB security. For example, NIST Special Publication 800-53 Revision 5 includes the MP (Media Protection) family of controls that govern removable media use, sanitization, and access restrictions. DOD STIG requirements, NERC CIP standards, and HIPAA regulations also address removable media security.
However, these controls are often broadly stated and have significant room for interpretation, leaving organizations uncertain about specific technical implementation requirements.
NIST SP 1334, published in September 2025, represents a shift toward more prescriptive technical guidance. The two-page publication organizes USB security into four control categories: procedural controls (policies and authorization), physical controls (secure storage and labeling), technical controls (scanning and port management), and transportation/sanitization protocols.
The technical controls section provides the clearest indication of regulatory direction. Organizations are advised to scan removable media before and after use with automatically updated malware detection software. Devices should also be sanitized before they are used with different equipment and environments.
The new guidance responds to sophisticated threats targeting industrial control systems, including credential-stealing malware and attacks specifically designed to disrupt operational technology. For compliance professionals, SP 1334 demonstrates that cybersecurity authorities now expect detailed, auditable USB security controls with documented removable media decontamination procedures and comprehensive logging.
What Organizations Need From a USB Security Compliance Solution
Implementing the recommended controls requires specific technical capabilities that go beyond traditional endpoint security.
Removable Media Sanitization
Devices from unknown sources must be sanitized before connecting to organizational systems. Devices used internally must be sanitized before reuse or disposal to prevent data leakage.
Virus and Malware Detection
Organizations need a solution that identifies both known viruses and malware and sophisticated threats like BadUSB attacks or zero-day exploits. Signatures must update automatically because manual processes cannot keep pace with constantly evolving threats. Scanning must occur before devices connect to organizational systems to prevent infection.
Comprehensive Audit Logging
Every USB connection requires documentation: which device, which user, when, what was scanned, and what threats were detected. Logs must be tamper-resistant and retained according to regulatory requirements, providing evidence for compliance audits and security incident investigations.
Centralized Management
Security teams require real-time monitoring across distributed locations, consolidated reporting for compliance documentation, and the ability to enforce consistent policies organization-wide.
Policy statements alone cannot satisfy regulatory frameworks that reference these standards. Organizations need purpose-built technical solutions that implement these capabilities at the point where USB devices connect to systems.
How Tyrex Supports USB Security Regulatory Compliance
In the face of evolving regulations and increased threats from USB-borne attacks, organizations across all sectors need effective, deployment-ready USB security solutions.
Tyrex USB Decontamination Stations provide a focused and flexible solution to these challenges. Our USB scanning kiosks help organizations fulfill regulatory requirements for comprehensive virus and malware scanning and removal while maintaining operational flexibility for legitimate USB device use.
Tyrex delivers a complete USB security solution:
- Virus and malware removal. Stations scan all files on USB devices, detect threats using up to five antivirus engines plus AI-powered malware analysis, and automatically remove infected files before devices connect to organizational systems.
- Decontamination stations for any environment. We provide a range of station form factors, including rugged mobile units, compact Satellite models, and fixed Console and Totem kiosks to accommodate deployment scenarios from field operations to high-traffic facilities.
- Centralized management with comprehensive logging. The Tyrex Management Server provides unified administration across distributed locations, automatically deploying signature updates and collecting audit logs that document scanning activity for compliance reporting and security operations.
- Military-grade removable device sanitization. Beyond malware removal, TYREX stations support secure erasure of USB devices before disposal or reuse to address regulatory end-of-life requirements.
- Broad device support. The solution handles USB drives, external hard drives, SD cards, and other removable media across connected and air-gapped deployments.
