UCF STIG Viewer Logo

Do not process, store, or transmit DoD information on public computers (e.g., those available for use by the general public in kiosks or hotel business centers) or computers that do not have access controls.


Overview

Finding ID Version Rule ID IA Controls Severity
V-21799 SRC-EPT-055 SV-24380r1_rule Medium
Description
There may be hardware or keyboard capture software which could monitor computer usage and keystrokes. Also, these computers may contain virus' and other malicious code which may infect DoD systems being accessed. This policy is in accordance with Directive-Type Memorandum (DTM) 08-027, 31 July 2009, Security of Unclassified DoD Information on Non-DoD Information Systems.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-26068r1_chk )
Verify the users are trained not to use public computers or kiosks to process government sensitive information. This may be placed in the User Agreement or the site's training materials.
Fix Text (F-22583r1_fix)
Ensure users do not use public computers and kiosks to process, store, or transmit sensitive information without approal of the data owner.