For end points using Windows operating systems, USB flash media will be restricted by a specific device or by a unique identifier (e.g., serial number) to specific users and machines.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22177 | STO-FLSH-050 | SV-25815r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Because of the innate security risks involved with using USB flash media, users must follow required access procedures. Restricting specific devices to each user allows for non-repudiation and audit tracking. |
| STIG | Date |
|---|---|
| Removable Storage and External Connection Technologies STIG | 2011-01-18 |
Details
| Check Text ( C-27334r1_chk ) |
|---|
| Further policy details: HBSS DCM configuration guidance is located at www.dodpatchrepository.mil. Check procedures: 1. View the configuration of the DCM module. 2. Verify that DCM is configured to allow or deny approved USB devices based on specific device parameters (i.e., serial number and device instance ID), device driver type (e.g., external USB storage device), and/or a specific host end point or user. |
| Fix Text (F-23395r1_fix) |
|---|
| For end points using Windows operating systems, USB flash media will be restricted by a specific device or by a unique identifier (e.g., serial number) to specific users and machines. |