UCF STIG Viewer Logo

For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22112 STO-DRV-030 SV-25617r2_rule DCBP-1 Medium
Description
Removable media often arrives from the vendor with many files already stored on the drive. These files may contain malware or spyware which present a risk to DoD resources.
STIG Date
Removable Storage and External Connection Technologies STIG 2011-01-18

Details

Check Text ( C-27097r1_chk )
Further policy details:

NSA-approved tools must be used for scanning and wiping all external storage drives and media prior to first time use.

A list of NSA-approved tools, approved specifically for scanning and wiping flash media is available at https://www.cybercom.mil/default.aspx. These are the only approved tools for flash media.

Check procedure:

1. Interview the site representative.
2. Ask if devices are wiped using approved software and procedures prior to using the drive to store or transfer DoD files.
3. Mark as a finding if this is a Windows system and USCYBERCOM-approved tools are not used for scanning and wiping flash media prior to fist time use.
4. Mark as a finding for all devices where the disk is not wiped before first-time use.
Fix Text (F-23199r1_fix)
For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.