Organizations that do not have a properly configured HBSS with DCM configuration will not use flash media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23950 | STO-FLSH-060 | SV-28906r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Because of the innate security risks involved with using flash media, an access control and authorization method is needed. DCM software provides granular end point access control and management of removable media. Currently, DCM only supports the Windows operating system. |
| STIG | Date |
|---|---|
| Removable Storage and External Connection Technologies STIG | 2011-01-18 |
Details
| Check Text ( C-29531r1_chk ) |
|---|
| Further policy details: 1. This requirement applies to all flash media devices, including memory cards and USB devices. 2. DCM will be configured to monitor all flash media, including camera memory, if it is used for non-publicly releasable information storage or to connect to clients attached to DoD networks. Check procedure: Inspect the end points and ensure the following. 1. Verify that if USB thumb drives are used, then HBSS/DCM is used to track usage. 2. Inspect to see if memory cards are used for non-publicly releasable data or are directly or indirectly attached to the NIPRNet or the SIPRNet. 3. If either of these are true, then verify use of HBSS/DCM to monitor their usage. |
| Fix Text (F-26611r1_fix) |
|---|
| Organizations that do not have a properly configured HBSS with DCM configuration will not use flash media. |