Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22112 | STO-DRV-030 | SV-25617r2_rule | DCBP-1 | Medium |
| Description |
|---|
| Removable media often arrives from the vendor with many files already stored on the drive. These files may contain malware or spyware which present a risk to DoD resources. |
| STIG | Date |
|---|---|
| Removable Storage and External Connection Technologies STIG | 2011-01-18 |
Details
| Check Text ( C-27097r1_chk ) |
|---|
| Further policy details: NSA-approved tools must be used for scanning and wiping all external storage drives and media prior to first time use. A list of NSA-approved tools, approved specifically for scanning and wiping flash media is available at https://www.cybercom.mil/default.aspx. These are the only approved tools for flash media. Check procedure: 1. Interview the site representative. 2. Ask if devices are wiped using approved software and procedures prior to using the drive to store or transfer DoD files. 3. Mark as a finding if this is a Windows system and USCYBERCOM-approved tools are not used for scanning and wiping flash media prior to fist time use. 4. Mark as a finding for all devices where the disk is not wiped before first-time use. |
| Fix Text (F-23199r1_fix) |
|---|
| For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time. |