Maintain a list of approved removable storage media or devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22172 | STO-ALL-030 | SV-25810r3_rule | ECSC-1 | Low |
| Description |
|---|
| Many persistent memory media or devices are portable, easily stolen, and contain sensitive data. If these devices are lost or stolen, it may take a while to discover that sensitive information has been lost. Inventory and bar-coding of authorized devices will increase the organization’s ability to uncover unauthorized portable storage devices. |
| STIG | Date |
|---|---|
| Removable Storage and External Connection Technologies STIG | 2011-01-18 |
Details
| Check Text ( C-27321r1_chk ) |
|---|
| Further policy details: Track all devices: Flash media, external hard drives, CAC readers, printers, scanners, and other devices attached to USB, firewire, or eSata ports. NOTE: This requirement does not apply to keyboard and mice that do not contain persistent memory. NOTE: See Wireless STIG for security requirements for wireless keyboards and mice. Check procedure: Inspect the equipment list that is used to track flash media, external storage, and/or externally connected peripheral devices. Verify that identifying information is tracked and the list is kept updated as new equipment is replaced or purchased. The following data must be included: 1. Bar Code Tag or serial number. 2. Type of device. 3. Name and contact information of person to whom the device is issued. 4. If the device was transferred, note disposition information such as date wiped and transferred. |
| Fix Text (F-23388r1_fix) |
|---|
| Maintain a list of approved removable storage media or devices. |