Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-23894 | STO-FLSH-020 | SV-28850r1_rule | Low |
Description |
---|
Many USB flash media devices are portable, easily stolen, and may be used to temporarily store sensitive information. If these devices are lost or stolen, it will assist the investigation if personnel who use these devices are readily identified with contact information. |
STIG | Date |
---|---|
Removable Storage and External Connections Security Technical Implementation Guide | 2016-12-16 |
Check Text ( C-29515r1_chk ) |
---|
Further policy details: Personnel do not have to be matched to a particular machine or device. This check applies only to flash media devices. Check procedure: 1. Inspect the USB authorized personnel listing provided by the site representative. 2. Verify that the list contains names and current contact information at a minimum. |
Fix Text (F-26579r1_fix) |
---|
Maintain a list of all personnel that have been authorized to use flash media. |