UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22174 STO-DRV-040 SV-25812r1_rule DCNR-1 Low
Description
Several security incidents have occurred when the firmware on devices contained malware. For devices used to store or transfer sensitive information, if the firmware is signed, then this provides added assurance that the firmware has not been compromised.
STIG Date
Removable Storage and External Connection Technologies STIG 2011-01-18

Details

Check Text ( C-27323r1_chk )
Further policy details:

1. The minimum HMAC for signature algorithm values are HMAC-SHA256 and Rivest-Shimir-Alderman (RSA) 2048 or better.

2. This requirement applies to USB thumb drives. This requirement also applies to external hard disk drives regardless of connection type (e.g., eSATA, firewire, or USB).

3. This requirement applies to media and devices used for storage of high value data or for transfer between systems with differing classification or trust levels (e.g., contrator to government system).

4. Use of approved devices will ensure use of products with this feature.

Check:

Verify use of approved devices from the DAR-approved products list for flash drive and removable storage devices.
Fix Text (F-23390r1_fix)
Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures.