https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1703768#M197 <P>Our organization would like to explore the possibility of Thunderbolt Share deployment across CMMC environments for developer machines and potentially on manufacturing floor equipment, such as HMIs and PLC programming stations. We need to restrict functionality to KVM-only mode to maintain compliance with certain NIST controls, for example:</P><UL><LI>Limit system access to authorized users</LI><LI>Restrict applications to the least functionality required</LI><LI>Control removable media</LI></UL><P><STRONG>Our Team is looking for:</STRONG></P><UL><LI>Configuration option to disable file transfer capabilities while maintaining KVM functionality</LI><LI>Group Policy or registry-based enforcement mechanism</LI><LI>What is the expected Audit logging during the use of Thunderbolt Share?<BR /><BR /></LI></UL><P>Without these controls, Thunderbolt Share presents data exfiltration risks for controlled environments. The KVM functionality alone would provide significant operational value without introducing compliance violations.</P><P><STRONG>Can Intel provide:</STRONG></P><UL><LI>Technical documentation for enterprise deployment with security controls</LI><LI>Roadmap for compliance-focused features</LI><LI>List of potential Windows events associated with Thunderbolt Share</LI></UL><P>This directly impacts our ability to approve Thunderbolt Share for ourselves and our clients</P> Wed, 16 Jul 2025 17:34:23 GMT RolandPG 2025-07-16T17:34:23Z https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1703768#M197 <P>Our organization would like to explore the possibility of Thunderbolt Share deployment across CMMC environments for developer machines and potentially on manufacturing floor equipment, such as HMIs and PLC programming stations. We need to restrict functionality to KVM-only mode to maintain compliance with certain NIST controls, for example:</P><UL><LI>Limit system access to authorized users</LI><LI>Restrict applications to the least functionality required</LI><LI>Control removable media</LI></UL><P><STRONG>Our Team is looking for:</STRONG></P><UL><LI>Configuration option to disable file transfer capabilities while maintaining KVM functionality</LI><LI>Group Policy or registry-based enforcement mechanism</LI><LI>What is the expected Audit logging during the use of Thunderbolt Share?<BR /><BR /></LI></UL><P>Without these controls, Thunderbolt Share presents data exfiltration risks for controlled environments. The KVM functionality alone would provide significant operational value without introducing compliance violations.</P><P><STRONG>Can Intel provide:</STRONG></P><UL><LI>Technical documentation for enterprise deployment with security controls</LI><LI>Roadmap for compliance-focused features</LI><LI>List of potential Windows events associated with Thunderbolt Share</LI></UL><P>This directly impacts our ability to approve Thunderbolt Share for ourselves and our clients</P> Wed, 16 Jul 2025 17:34:23 GMT https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1703768#M197 RolandPG 2025-07-16T17:34:23Z https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1703874#M202 <P>Hi&nbsp;<a href="https://community.intel.com/t5/user/viewprofilepage/user-id/436099">@RolandPG</a>,</P> <P>&nbsp;</P> <P>I’ll coordinate this request internally, as some of the information you’re asking for isn’t publicly available. Once I have the necessary details, I’ll reach out to you via email. These documents may require internal access to retrieve.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Randy T.</P> <P>Intel Customer Support Technician</P> <P>&nbsp;</P> Thu, 17 Jul 2025 04:11:46 GMT https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1703874#M202 RandyT_Intel 2025-07-17T04:11:46Z https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1704918#M209 <P>Hi&nbsp;<A href="https://community.intel.com/t5/user/viewprofilepage/user-id/436099" rel="noopener noreferrer" target="_blank">@RolandPG</A>,</P><P>&nbsp;</P><P>I've sent you a private email so we can discuss this matter further in detail. Please check your inbox at your convenience, and feel free to reply there if you have any questions or need additional support.</P><P><BR /></P><P>Looking forward to resolving this with you!</P><P>&nbsp;</P><P>Regards,</P><P><BR /></P><P>Randy T.</P><P>Intel Customer Support Technician</P><BR /> Wed, 23 Jul 2025 01:17:38 GMT https://community.intel.com/t5/Thunderbolt-Share/Thunderbolt-Share-Secure-Configuration-for-Controlled/m-p/1704918#M209 RandyT_Intel 2025-07-23T01:17:38Z