UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22112 STO-DRV-030 SV-25617r1_rule Medium
Description
Removable media often arrives from the vendor with many files already stored on the drive. These files may contain malware or spyware which present a risk to DoD resources.
STIG Date
Removable Storage and External Connections Security Technical Implementation Guide 2016-12-16

Details

Check Text ( C-27097r1_chk )
Further policy details:

NSA-approved tools must be used for scanning and wiping all external storage drives and media prior to first time use.

A list of NSA-approved tools, approved specifically for scanning and wiping flash media is available at https://www.cybercom.mil/default.aspx. These are the only approved tools for flash media.

Check procedure:

1. Interview the site representative.
2. Ask if devices are wiped using approved software and procedures prior to using the drive to store or transfer DoD files.
3. Mark as a finding if this is a Windows system and USCYBERCOM-approved tools are not used for scanning and wiping flash media prior to fist time use.
4. Mark as a finding for all devices where the disk is not wiped before first-time use.
Fix Text (F-23199r1_fix)
For all USB flash media (thumb drives) and external hard disk drives, use an approved method to wipe the device before using for the first-time.