Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Maintain a list of all end point systems that have been authorized for use with flash media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23895 | STO-FLSH-030 | SV-28851r1_rule | ECSC-1 | Low |
| Description |
|---|
| Many USB persistent memory devices are portable and easily overlooked. They may be used as a vector for exfiltrating data. To help mitigate this risk, end points must be designated as properly authorized and configured for use with USB flash drives within the DoD. |
| STIG | Date |
|---|---|
| Removable Storage and External Connections Security Technical Implementation Guide | 2015-01-26 |
Details
| Check Text ( C-29516r1_chk ) |
|---|
| Further check details: System does not have to be tied to a single specific device or individual on the listing. Check procedure: 1. Inspect the USB authorized end point listing. 2. Verify that identifying information such as device serial number and location is tracked on the listing. |
| Fix Text (F-26580r1_fix) |
|---|
| Maintain a list of all end point systems that have been authorized for use with flash media. |