UCF STIG Viewer Logo

Removable Storage and External Connections Security Technical Implementation Guide

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-22110 High Require approval prior to allowing use of portable storage devices.
V-24177 High Use a National Security Agency (NSA)-approved, Type 1 certified data encryption and hardware solution when storing classified information on USB flash media and other removable storage devices.
V-22115 High Set boot order of computers approved for use with removable storage such that the Basic Input Output System (BIOS) does not allow default booting from devices attached to a USB, firewire, or eSATA port.
V-22173 High Permit only government-procured and -owned devices.
V-22111 High Access to mobile and removable storage devices such as USB thumb drives and external hard disk drives will be protected by password, PIN, or passphrase.
V-22113 Medium Sensitive but unclassified data must be encrypted using FIPS 140-2 validated modules when stored on a USB flash drive and external hard disk drive.
V-23919 Medium The host system will perform on-access anti-virus and malware checking, regardless of whether the external storage or flash drive has software or hardware malware features.
V-22176 Medium Install and configure Host-Based Security System (HBSS) with Device Control Module (DCM) on all Windows host computers that will use removable storage devices.
V-23950 Medium Organizations that do not have a properly configured HBSS with DCM configuration will not use removable storage devices.
V-22112 Medium For all removable flash media and external hard disk drives, use an organization-approved method to wipe the device before using for the first-time.
V-23920 Medium For higher risk data transfers using flash media, use an organization approved security scanning software and disk wipe software to protect against malware and data compromise.
V-23921 Medium Removable storage devices for which the organization has failed to maintain physical control will be scanned for malicious activity upon reclamation.
V-22169 Medium For Wireless USB (WUSB) devices, comply with the Wireless STIG peripheral devices policy.
V-22177 Medium For end points using Windows operating systems, removable storage devices will be restricted by a unique device identifier (e.g. serial number, device instance ID) or to specific host end points or users.
V-22175 Medium Data transfers using USB flash media (thumb drives) will comply with the requirements in the CTO 10-084 (or most recent version) and these procedures will be documented.
V-24176 Low Configure the cryptographic module on a USB thumb drive or external hard drive using a NIST-approved encryption algorithm to encrypt sensitive or restricted data-at-rest.
V-23895 Low Maintain a list of all end point systems that have been authorized for use with flash media.
V-22114 Low Train all users on the secure use of removable media and storage devices, acceptable use policy, and approval process through use of user's guide, user's agreement, or training program.
V-22174 Low Firmware on the USB flash drive and external hard drive will be signed and verified with either Hashed Message Authentication Code (HMAC) or digital signatures.
V-22172 Low Maintain a list of approved removable storage media or devices.
V-23894 Low Maintain a list of all personnel that have been authorized to use flash media.