UCF STIG Viewer Logo

Removable Storage and External Connection Technologies STIG

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-22110 High Require approval prior to allowing use of portable storage devices.
V-22115 High Set boot order of computers approved for use with removable storage such that the Basic Input Output System (BIOS) does not allow default booting from devices attached to a USB, firewire, or eSATA port.
V-22173 High Permit only government-procured and -owned devices.
V-22111 High Access to mobile and removable storage devices such as USB thumb drives and external hard disk drives will be protected by password, PIN, or passphrase.
V-24177 High Use a National Security Agency (NSA)-approved, Type 1 certified data encryption and hardware solution when storing classified information on USB flash media and other removable storage devices.
V-23920 Medium For higher risk data transfers using thumb drives, use the File Sanitization Tool (FiST) with Magik Eraser (ME) to protect against malware and data compromise.
V-23921 Medium Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation.
V-22176 Medium Install and configure Host-Based Security System (HBSS) with Device Control Module (DCM) on all Windows host computers that will use USB flash media (thumb drives).
V-22177 Medium For end points using Windows operating systems, USB flash media will be restricted by a specific device or by a unique identifier (e.g., serial number) to specific users and machines.
V-22112 Medium For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.
V-22113 Medium Encrypt sensitive but unclassified data when stored on a USB flash drive and external hard disk drive.
V-22175 Medium Data transfers using USB flash media (thumb drives) will comply with the requirements in the CTO 10-004(A or most recent version) and these procedures will be documented.
V-23950 Medium Organizations that do not have a properly configured HBSS with DCM configuration will not use flash media.
V-22169 Medium For Wireless USB (WUSB) devices, comply with the Wireless STIG peripheral devices policy.
V-23919 Medium The host system will perform on-access anti-virus and malware checking, regardless of whether the external storage or flash drive has software or hardware malware features.
V-22114 Low Train all users on the secure use of removable media and storage devices, acceptable use policy, and approval process through use of user's guide, user's agreement, or training program.
V-22172 Low Maintain a list of approved removable storage media or devices.
V-22174 Low Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures.
V-23896 Low DoD components will purchase removable storage media and Data at Rest (DAR) products from the DoD Enterprise Software Initiative (ESI) blanket purchase agreements program.
V-23894 Low Maintain a list of all personnel that have been authorized to use flash media.
V-23895 Low Maintain a list of all end point systems that have been authorized for use with flash media.
V-24176 Low Configure the cryptographic module on a USB thumb drive or external hard drive using a NIST-approved encryption algorithm to encrypt sensitive or restricted data-at-rest.