That, of course, would fall under PCI-DSS Requirement 9—if the Defense Department was handling payment card data, anyway. Fortunately for the Pentagon, it's not, so it doesn't risk having to pay higher interchange fees for transactions. To be fair, the Pentagon already had strict rules in place for the use of removable media on all military computers. It just didn't use technology to actually enforce those rules—and block reams of classified data from being copied to removable media and then carried out the door by a trusted but untrustworthy user. Not that anything like that could ever happen to retailers.
If your employees are complaining about PCI requirements, you'll be glad to hear that—until this week—even the Pentagon's classified systems had looser security. On Sunday (Nov. 28), in the wake of the WikiLeaks leaks, the Defense Department announced it was finally disabling the capability to write data to removable media such as thumb drives or disks on classified computers "as a temporary technical solution to mitigate the future risks of personnel moving classified data to unclassified systems." Translation: We don't want anyone else copying 250,000 sensitive items to a CD.